CVE-2025-68161: Apache Log4j Core: Missing TLS hostname verification in Socket appender

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2025-Dec

Released

2025-12-21

Last Updated

2026-01-13

EPSS Score

0.03% (percentile: 9.9%)

Affected Products (1)

Open Source Software

• azl3 javapackages-bootstrap 1.14.0-3 on Azure Linux 3.0

Revision History

• 2025-12-21: Information published.
• 2025-12-23: Information published.
• 2026-01-13: Information published.