Fedora 41: log4cxx Important Improper JSON Output Vuln 2025-1b48c1a920
fedora
October 12, 2025
Update to 1.5.0, fix CVE-2025-54813, CVE-2025-22838
Summary
Log4cxx is a popular logging package written in C++. One of its distinctive
features is the notion of inheritance in loggers. Using a logger hierarchy it
is possible to control which log statements are output at arbitrary
granularity. This helps reduce the volume of logged output and minimize the
cost of logging.
Update Information:
Update to 1.5.0, fix CVE-2025-54813, CVE-2025-22838
Topics Covered
Change Log
* Fri Oct 3 2025 Till Hofmann
References
[ 1 ] Bug #2393061 - CVE-2025-54812 log4cxx: Log4cxx HTMLLayout XSS Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2393061
[ 2 ] Bug #2393132 - CVE-2025-54813 log4cxx: Log4cxx: Improper JSON Output Neutralization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2393132
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-1b48c1a920' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Name: log4cxx
Product: Fedora 41
Version: 1.5.0
Release: 1.fc41
Summary: A port to C++ of the Log4j project
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!