CVE-2025-54813 — HIGH (7.5)

Q: How severe is CVE-2025-54813?

CVE-2025-54813 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-54813?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Log4Cxx.

Vulnerability Description

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON message. This may prevent applications that consume these logs from correctly interpreting the information within them. This issue affects Apache Log4cxx: before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Log4Cxx	< 1.5.0

Related Weaknesses (CWE)

CWE-117

References

FAQ

What is CVE-2025-54813?

CVE-2025-54813 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printa...

How severe is CVE-2025-54813?

CVE-2025-54813 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-54813?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Log4Cxx.