CVE-2025-54813

7.5 HIGH

📋 TL;DR

This vulnerability in Apache Log4cxx's JSONLayout allows an attacker who can influence logged message content to inject non-printable characters that the layout does not escape. This can corrupt the JSON log output and disrupt downstream log processing systems. It affects all applications using Log4cxx versions before 1.5.0 with JSONLayout enabled.

💻 Affected Systems

Products:
  • Apache Log4cxx
Versions: All versions before 1.5.0
Operating Systems: All operating systems running Log4cxx
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using JSONLayout configuration. Other layouts are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Log corruption leads to log analysis system failures, data loss in monitoring pipelines, or denial of service for applications relying on log processing.

🟠 Likely Case

Disrupted log parsing in SIEM systems, monitoring tools, or log aggregators causing gaps in visibility and alerting.

🟢 If Mitigated

Minimal impact if logs aren't consumed by JSON parsers or if proper input validation exists before logging.

🌐 Internet-Facing: MEDIUM - Requires attacker ability to influence logged messages, which may be possible through user inputs in web applications.
🏢 Internal Only: LOW - Typically requires authenticated access or specific application functionality to influence log content.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to control log message content, typically through application inputs. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.0

Vendor Advisory: https://logging.apache.org/security.html#CVE-2025-54813

Restart Required: Yes

Instructions:

1. Download Log4cxx 1.5.0 from the Apache website.
2. Replace the existing Log4cxx library files.
3. Recompile applications if statically linked.
4. Restart all services using Log4cxx.

🔧 Temporary Workarounds

Switch to PatternLayout

all

Temporarily use PatternLayout instead of JSONLayout for logging output

Modify log4cxx.xml (or whichever configuration is in use) to replace <layout class="org.apache.log4j.json.JSONLayout"> with <layout class="org.apache.log4j.PatternLayout">. PatternLayout needs a ConversionPattern parameter, and its output is no longer JSON, so any downstream parser that expects JSON records must be adjusted for the duration of the workaround.

Input Validation Filter

all

Add a custom filter that sanitizes log messages before JSONLayout processes them

Implement a custom filter class that escapes non-printable characters before messages are passed to the logger

🧯 If You Can't Patch

  • Implement application-level input validation to sanitize all user inputs before logging
  • Deploy log processing middleware that sanitizes JSON output before reaching downstream systems

🔍 How to Verify

Check if Vulnerable:

Check whether the application uses Log4cxx with JSONLayout and whether the library version is below 1.5.0

Check Version:

Check library files or use: strings liblog4cxx.so | grep -i version

Verify Fix Applied:

Verify that the Log4cxx version is 1.5.0 or higher, then log a message containing non-printable characters and confirm that the JSON output escapes them
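As an added example (not Log4cxx code and not from this advisory) covering both the input validation filter workaround and the verify-fix step above: a hypothetical helper that rewrites non-printable bytes into their printable \u00XX spelling before a message reaches the logger, plus a check that flags raw control bytes in an emitted JSON log line. It assumes the layout still escapes quotes and backslashes itself, so the helper leaves those alone; the sample message in main() is constructed.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// Hypothetical helper for the "Input Validation Filter" workaround (not part of
// Log4cxx): rewrite each non-printable byte into a printable JSON-style escape so
// that a JSONLayout which copies the message verbatim still emits valid JSON.
// Quotes and backslashes are left for the layout to escape; bytes >= 0x80
// (UTF-8 multibyte sequences) pass through unchanged.
std::string sanitize_for_json_log(const std::string& msg) {
    std::string out;
    out.reserve(msg.size() + 8);
    for (unsigned char c : msg) {
        switch (c) {
            case '\n': out += "\\n"; break;
            case '\r': out += "\\r"; break;
            case '\t': out += "\\t"; break;
            default:
                if (c < 0x20 || c == 0x7f) {
                    char buf[8];  // "\u00XX" plus terminating NUL
                    std::snprintf(buf, sizeof buf, "\\u%04X", static_cast<unsigned>(c));
                    out += buf;
                } else {
                    out += static_cast<char>(c);
                }
        }
    }
    return out;
}

// For the "Verify Fix Applied" step: given one emitted log line (line terminator
// already stripped), report whether it still carries any raw control byte, which
// a strict JSON parser downstream would reject.
bool has_raw_control_chars(const std::string& line) {
    for (unsigned char c : line) {
        if (c < 0x20 || c == 0x7f) return true;
    }
    return false;
}

int main() {
    // Constructed sample message with an embedded ESC byte and a newline.
    const std::string tainted = "user=\x1b[31mbob\n";
    std::cout << sanitize_for_json_log(tainted) << '\n';
    // A record as an unpatched layout might write it, message copied verbatim.
    const std::string json_line = "{\"message\":\"" + tainted + "\"}";
    std::cout << (has_raw_control_chars(json_line) ? "raw control bytes present" : "clean") << '\n';
    return 0;
}
```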

📡 Detection & Monitoring

Log Indicators:

  • Malformed JSON in log files
  • Log parsing errors in downstream systems
  • Unexpected control characters in JSON logs

Network Indicators:

  • Increased error rates in log processing systems

SIEM Query:

source="*log4cxx*" AND (message="*JSONParseError*" OR message="*malformed JSON*")
