Impact of Vulnerabilities CVE-2025-7962, CVE-2025-66453 & CVE-2026-34480 with Workload Automation Agent 24.1

Article ID: 442621

Products

Workload Automation Agent

Issue/Introduction

A vulnerability scan of a containerized Workload Automation Agent (version 24.1) flags several bundled libraries as vulnerable based solely on their installed versions.

Reported Components & Paths:

  • Rhino 1.7.12 Path: /opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/js.jar
    Associated CVEs: CVE-2025-66453

  • Log4j-core 2.18.0 Path: /opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/log4j-core.jar
    Associated CVEs: CVE-2026-34480

  • Mail 2.0.1 Path: /opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/mail.jar
    Associated CVEs: CVE-2025-7962

Environment

Product: Workload Automation Agent
Version: 24.1

Cause

Security scanners typically flag a library from the version string in its filename or manifest alone. A version match does not by itself establish exposure: many vulnerabilities are reachable only when a specific API is called or a specific configuration element (for Log4j, a particular Appender or Layout) is active in the application at runtime.

Resolution

Analysis of Impact

  • Log4j (CVE-2025-68161): This vulnerability is confined to the SocketAppender functionality (SslSocketManager.java). The Workload Automation Agent neither calls the SocketAppender API in its source code nor configures a Socket appender at runtime. Therefore, the Agent is not impacted.
  • Log4j (CVE-2026-34480): This vulnerability affects the XmlLayout component. Because the Workload Automation Agent does not use XmlLayout in its logging configuration, the vulnerability is not exploitable in this environment.
  • Rhino and Mail jars: While these versions are flagged by scanners, there are no known exploitable paths within the standard Workload Automation Agent operations for the associated CVEs.
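The analysis above rests on two facts that can be checked on the host rather than taken from the scanner: which Log4j version is actually installed, and whether the running configuration declares a Socket appender or an XmlLayout. The script below is an added example, not part of this article or of the Workload Automation Agent, that performs both checks. The configuration files and the MANIFEST.MF it inspects are constructed inline so it runs offline; on a real agent host you would point the functions at /opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/log4j-core.jar (manifest extracted with unzip, as shown in the comment) and at the Agent's own log4j2.xml, whose location is not given here and is an assumption.

```shell
#!/bin/sh
# Added example (not from the KB article): verify a scanner's Log4j finding
# against the installed jar manifest and the runtime configuration.

# Does a Log4j 2 XML configuration declare the given element? Log4j 2 names
# the SocketAppender plugin "Socket" and the XmlLayout plugin "XmlLayout".
# Commented-out declarations are still reported so a human reviews them.
# Returns 0 if found, 1 otherwise.
log4j_config_declares() {
    config="$1"; element="$2"
    grep -Eq "<[[:space:]]*${element}[[:space:]>/]" "$config"
}

# Print Implementation-Version from a MANIFEST.MF (empty if absent).
# On a real host extract it with:
#   unzip -p /opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/log4j-core.jar META-INF/MANIFEST.MF
manifest_version() {
    sed -n 's/^Implementation-Version:[[:space:]]*//p' "$1" | tr -d '\r' | head -n 1
}

# Dotted version compare: returns 0 if "$1" is strictly lower than "$2".
# Non-numeric suffixes such as "-SNAPSHOT" are ignored per field.
version_lt() {
    a="$1"; b="$2"; i=1
    while :; do
        x=$(echo "$a" | cut -d. -f"$i"); y=$(echo "$b" | cut -d. -f"$i")
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        [ -z "$x" ] && [ -z "$y" ] && return 1   # ran out of fields: equal
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
}

# Is either vulnerable component actually configured? Prints one line per hit.
# Returns 0 when neither Socket nor XmlLayout is declared, 1 otherwise.
log4j_exposure() {
    config="$1"; rc=0
    for element in Socket XmlLayout; do
        if log4j_config_declares "$config" "$element"; then
            echo "CONFIGURED: <$element> in $config"; rc=1
        fi
    done
    return $rc
}

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# Constructed sample: a file-only configuration like the one the analysis
# describes (no Socket appender, no XmlLayout).
cat > "$WORKDIR/log4j2-safe.xml" <<'EOF'
<Configuration status="WARN">
  <Appenders>
    <RollingFile name="AgentLog" fileName="agent.log" filePattern="agent-%i.log">
      <PatternLayout pattern="%d %p %c - %m%n"/>
      <SizeBasedTriggeringPolicy size="10MB"/>
    </RollingFile>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="AgentLog"/></Root></Loggers>
</Configuration>
EOF

# Constructed sample: a configuration that WOULD make both findings actionable.
cat > "$WORKDIR/log4j2-exposed.xml" <<'EOF'
<Configuration>
  <Appenders>
    <Socket name="Remote" host="logs.example.internal" port="6514">
      <SSL><TrustStore location="truststore.jks"/></SSL>
      <XmlLayout/>
    </Socket>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="Remote"/></Root></Loggers>
</Configuration>
EOF

# Constructed sample manifest matching the scanner's log4j-core 2.18.0 finding.
printf 'Manifest-Version: 1.0\r\nImplementation-Title: Apache Log4j Core\r\nImplementation-Version: 2.18.0\r\n' \
    > "$WORKDIR/MANIFEST.MF"

ver=$(manifest_version "$WORKDIR/MANIFEST.MF")
echo "installed log4j-core: $ver"
if version_lt "$ver" 2.25.3; then
    echo "older than 2.25.3: scanner will keep flagging it until upgraded"
fi
log4j_exposure "$WORKDIR/log4j2-safe.xml" && echo "safe config: Socket/XmlLayout not configured"
log4j_exposure "$WORKDIR/log4j2-exposed.xml" || echo "exposed config: upgrade Log4j; the not-impacted analysis does not apply"
```

The exposure check deliberately reports commented-out declarations and does not parse the XML: a grep that errs toward reporting is the right tool when the goal is to decide whether a "not impacted" conclusion can be trusted on a given host. Properties or JSON configurations would need the equivalent keys checked.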

Recommendation
To clear these findings for security compliance and run the most current versions of the bundled libraries, choose one of the following options:

  • Option 1: Upgrade the Agent (Recommended)
    Upgrade the agent to the latest release (version 24.2 or newer). Version 24.2 ships with Log4j 2.25.3 (which addresses CVE-2025-68161) and updated versions of the Rhino and Mail libraries.

  • Option 2: Manual Log4j Upgrade
    If an immediate agent upgrade is not feasible, the Log4j libraries can be manually replaced. Refer to Steps to manually upgrade Log4j to version 2.25.x for AutoSys Workload Automation Agents.

    Because the mail.jar and js.jar findings are not exploitable in the Agent, no action is required for them.