CVE-2025-54812

{"id": "CVE-2025-54812", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}], "cvssMetricV40": [{"type": "Secondary", "source": "security@apache.org", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-22T19:15:39.803", "references": [{"url": "https://github.com/apache/logging-log4cxx/pull/509", "tags": ["Issue Tracking", "Patch"], "source": "security@apache.org"}, {"url": "https://github.com/apache/logging-log4cxx/pull/514", "tags": ["Issue Tracking", "Patch"], "source": "security@apache.org"}, {"url": "https://logging.apache.org/security.html#CVE-2025-54812", "tags": ["Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-117"}]}], "descriptions": [{"lang": "en", "value": "Improper Output Neutralization for Logs vulnerability in Apache Log4cxx.\n\n\nWhen using HTMLLayout, logger names are not properly escaped when writing out to the HTML file.\nIf untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order to hide information from logs or steal data from the user.\nIn order to activate this, the following sequence must occur:\n\n\n\n * Log4cxx is configured to use HTMLLayout.\n\n * Logger name comes from an untrusted string\n\n * Logger with compromised name logs a message\n\n * User opens the generated HTML log file in their browser, leading to potential XSS\n\n\nBecause logger names are generally constant strings, we assess the impact to users as LOW\n\n\nThis issue affects Apache Log4cxx: before 1.5.0.\n\n\nUsers are recommended to upgrade to version 1.5.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n de salida incorrecta para registros en Apache Log4cxx. Al usar HTMLLayout, los nombres de registradores no se escapan correctamente al escribir en el archivo HTML. Si se usan datos no confiables para recuperar el nombre de un registrador, un atacante podr\u00eda, en teor\u00eda, inyectar HTML o Javascript para ocultar informaci\u00f3n de los registros o robar datos del usuario. Para activar esto, debe ocurrir la siguiente secuencia: * Log4cxx est\u00e1 configurado para usar HTMLLayout. * El nombre del registrador proviene de una cadena no confiable * El registrador con nombre comprometido registra un mensaje * El usuario abre el archivo de registro HTML generado en su navegador, lo que lleva a un posible XSS Debido a que los nombres de registradores generalmente son cadenas constantes, evaluamos el impacto para los usuarios como BAJO Este problema afecta a Apache Log4cxx: antes de 1.5.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.5.0, que soluciona el problema."}], "lastModified": "2025-08-26T21:16:55.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:log4cxx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E1443DD-B968-4005-A287-964C6197FEB0", "versionEndExcluding": "1.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}