Security advisory for CVE-2025-68161 related to log4j vulnerability


Article ID: 437824


Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • The security team rejects the scan because of CVE-2025-68161, which relates to a Log4j vulnerability.
  • Impact: This allows a man-in-the-middle (MitM) attack. An attacker who can intercept network traffic between your application and the log server can present their own valid certificate. Because Log4j doesn't verify that the name on the certificate matches the server's hostname, it will trust the attacker and send your log data (which often contains sensitive information) to them.
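
The gap described in the Impact item is the difference between "the certificate chain is trusted" and "the certificate is for the host I dialed". The sketch below is an added example, not Broadcom's or Log4j's code; `dns_name_matches`, `accept_peer` and every hostname in it are hypothetical, constructed values, and it covers DNS names only.

```python
# Added example: certificate-name check for a TLS log connection.
# All hostnames and SAN values below are constructed sample data.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one SAN dNSName entry with the hostname the client dialed.

    Case-insensitive; "*" is honoured only as the entire left-most label
    and stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 1 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def accept_peer(chain_trusted, san_dns_names, dialed_host, verify_hostname):
    """Decide whether the client keeps the connection open."""
    if not chain_trusted:
        return False          # untrusted or expired chain: always refused
    if not verify_hostname:
        return True           # the behaviour the Impact item describes
    return any(dns_name_matches(n, dialed_host) for n in san_dns_names)


LOG_SERVER = "logs.corp.example"              # host the log client dials
GENUINE_SANS = ["logs.corp.example"]
WILDCARD_SANS = ["*.corp.example"]
INTERCEPTOR_SANS = ["host.other.example"]     # valid cert, different name


def demo():
    """Return (label, accepted without name check, accepted with it)."""
    cases = (("genuine", GENUINE_SANS),
             ("wildcard", WILDCARD_SANS),
             ("interceptor", INTERCEPTOR_SANS))
    return [(label,
             accept_peer(True, sans, LOG_SERVER, verify_hostname=False),
             accept_peer(True, sans, LOG_SERVER, verify_hostname=True))
            for label, sans in cases]


if __name__ == "__main__":
    for label, without_check, with_check in demo():
        print(f"{label:12} no-name-check={without_check} name-check={with_check}")
```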

Environment

  • VMware vCenter Server 8.0.X

Resolution

  1. The engineering team is aware of this issue, and the fix will be included in a future version.

    Scheduled to be updated to log4j-2.25.3