is ESP dSeries Workload Automation impacted by CVE-2025-68161
Article ID: 434248

Products

ESP dSeries Workload Automation

Issue/Introduction

A recent security vulnerability scan has detected "Apache Log4j 2.0-beta9 < 2.25.3 MitM", based on CVE-2025-68161.

Is dSeries impacted by this and if so, is there a mitigation for this currently available?

Resolution

ESP dSeries Workload Automation is not impacted by this vulnerability.

Vulnerability Summary:
CVE-2025-68161 is a missing TLS hostname verification vulnerability in Apache Log4j Core's Socket Appender (SslSocketManager.java). When the Socket Appender is configured to transmit log data to a remote server over SSL/TLS, Log4j fails to verify that the server's certificate hostname matches the intended host — enabling a potential Man-in-the-Middle (MITM) attack on the logging channel.

Why We Are Not Affected
The vulnerability is only triggerable through the Socket Appender code path. Specifically:

The flaw lives in SslSocketManager.java — a class that is instantiated solely when a <Socket> appender with SSL/TLS is declared and active in the Log4j configuration.

No Socket Appender is currently configured in our application. Our Log4j configuration does not contain any <Socket> appender definition. As a result, SslSocketManager is never loaded or invoked at runtime.

No TLS handshake is initiated by Log4j. Since the vulnerable code is responsible for performing (or failing to perform) hostname verification during a TLS handshake to a remote logging server, and no such connection is ever established in our setup, the vulnerable code is never executed.

The attack vector requires an active socket connection. A MITM attacker can only exploit this flaw by intercepting traffic between a Log4j client and a remote log receiver. With no outbound logging socket in use, there is no such traffic to intercept.
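The reasoning above rests on one verifiable fact: the Log4j 2 configuration declares no Socket appender that uses TLS and is referenced by a logger. The script below is an added example, not code from the article or from the dSeries product, that automates that check against a log4j2.xml file. It assumes the standard Log4j 2 XML syntax (a `<Socket>` element under `<Appenders>`, TLS selected by `protocol="SSL"` or a nested `<SSL>` element, and `<AppenderRef ref="..."/>` wiring an appender to a logger); the sample configurations are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample configurations (not taken from the article or the product).
# 1) A Socket appender over TLS that is wired to the Root logger: exposed code path.
CONFIG_WITH_ACTIVE_SSL_SOCKET = """<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p %c - %m%n"/>
    </Console>
    <Socket name="RemoteLog" host="logs.example.internal" port="6514" protocol="SSL">
      <SSL>
        <KeyStore location="/etc/app/keystore.p12" password="PLACEHOLDER"/>
        <TrustStore location="/etc/app/truststore.p12" password="PLACEHOLDER"/>
      </SSL>
      <PatternLayout pattern="%d %p %c - %m%n"/>
    </Socket>
  </Appenders>
  <Loggers>
    <Root level="info">
      <AppenderRef ref="Console"/>
      <AppenderRef ref="RemoteLog"/>
    </Root>
  </Loggers>
</Configuration>
"""

# 2) A TLS Socket appender that is declared but never referenced: SslSocketManager
#    is not started for it, so the vulnerable path is not reached.
CONFIG_WITH_UNREFERENCED_SSL_SOCKET = CONFIG_WITH_ACTIVE_SSL_SOCKET.replace(
    '      <AppenderRef ref="RemoteLog"/>\n', ""
)

# 3) No Socket appender at all: the situation the article describes.
CONFIG_WITHOUT_SOCKET = """<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p %c - %m%n"/>
    </Console>
  </Appenders>
  <Loggers>
    <Root level="info">
      <AppenderRef ref="Console"/>
    </Root>
  </Loggers>
</Configuration>
"""


def _children_named(parent, name):
    # Log4j 2 treats element names case-insensitively, so compare lowercased tags.
    return [child for child in parent if child.tag.lower() == name.lower()]


def find_socket_appenders(xml_text):
    """Return one record per <Socket> appender: name, host, whether it uses TLS,
    and whether any logger references it (i.e. whether it is active)."""
    root = ET.fromstring(xml_text)
    referenced = {
        element.get("ref")
        for element in root.iter()
        if element.tag.lower() == "appenderref"
    }
    findings = []
    for appenders in _children_named(root, "Appenders"):
        for socket in _children_named(appenders, "Socket"):
            protocol = (socket.get("protocol") or "TCP").upper()
            uses_tls = protocol == "SSL" or bool(_children_named(socket, "SSL"))
            findings.append({
                "name": socket.get("name"),
                "host": socket.get("host"),
                "tls": uses_tls,
                "referenced": socket.get("name") in referenced,
            })
    return findings


def exposed_appenders(xml_text):
    """Names of Socket appenders that both use TLS and are wired to a logger,
    which is the only combination that exercises the SslSocketManager code path."""
    return [f["name"] for f in find_socket_appenders(xml_text)
            if f["tls"] and f["referenced"]]


if __name__ == "__main__":
    # Usage: python check_log4j_socket.py /path/to/log4j2.xml
    with open(sys.argv[1], encoding="utf-8") as fh:
        exposed = exposed_appenders(fh.read())
    if exposed:
        print("Active TLS Socket appenders found (review for CVE-2025-68161):", exposed)
        sys.exit(1)
    print("No active TLS Socket appender declared; SslSocketManager is not used.")
```

A declared-but-unreferenced Socket appender is reported with `referenced: False` and is not counted as exposed, matching the distinction the text draws between an appender that merely exists in the file and one that is "declared and active". The check covers only the XML form of the configuration; properties, YAML or JSON configurations and programmatic setup would need the equivalent inspection.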

Conclusion:

Since the root cause of CVE-2025-68161 is confined entirely to the Socket Appender's SSL handling logic, and our application does not use the Socket Appender, this vulnerability has no attack surface in our system and is not exploitable in our current deployment/configuration.
No immediate remediation action is required for this specific CVE.

Additional Information

CVE-2025-68161