Qos.Ch · Logback-Core · CVE-2026-1225
**Name of the Vulnerable Software and Affected Versions**
logback-core versions prior to 1.5.25
**Description**
A configuration file processing issue exists in QOS.CH logback-core, potentially allowing an attacker to instantiate classes already present on the system's class path by manipulating a logback configuration file. Successful exploitation requires write access to a configuration file and the presence of a malicious Java class on the user's class path. After instantiation, the instance is likely discarded.
**Recommendations**
Update to logback-core version 1.5.25 or later.