WhisperX tag archive

#CVE-2025-68161

This page collects WhisperX intelligence signals tagged #CVE-2025-68161. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-04-14 03:22:33 · GitHub Issues

1. Apache Log4j Core Hit by Another Security Vulnerability, CVE-2025-68161: Socket Appender Lacks TLS Hostname Verification

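The core component of Apache Log4j 2 has again been found to contain a high-severity security vulnerability. The newly discovered CVE-2025-68161 has a broad impact, affecting all versions of Apache Log4j Core from 2.0-beta9 through 2.25.2. At the heart of the vulnerability, the Socket Appender component fails to perform hostname verification on the TLS certificate of the communicating peer. This means that, under certain configurations, applications using this component may be exposed to man-in-the-middle attacks, in which an attacker could intercept or tamper with the log data stream. The flaw directly weakens the core security guarantee of a TLS connection and opens a back door to potential data leakage or log injection attacks. The vulnerability was disclosed in a fix pull request submitted automatically by GitHub's dependency update bot Renovate. The request aims to move the project's dependency `org.apache...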

The Lab · 2026-05-04 09:54:16 · GitHub Issues

2. Apache Log4j: Incomplete CVE Fix Left TLS Hostname Verification Configurable but Ignored

A critical security gap has been identified in Apache Log4j Core, where hostname verification, a key safeguard against man-in-the-middle attacks, was configurable through the `<Ssl>` element but silently ignored by the software. The vulnerability stems from an incomplete fix for CVE-2025-68161, which addressed hostn...