PT-2025-34482 · Apache+2 · Apache Log4Cxx+2

Published: 2025-01-01 · Updated: 2025-11-05 · CVE-2025-54813

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Apache Log4cxx versions prior to 1.5.0
Description: The software contains an improper output neutralization issue for logs. When using JSONLayout, not all payload bytes are properly escaped. Attackers can supply messages containing non-printable characters that will be passed along and written as part of the JSON message, potentially preventing applications consuming these logs from correctly interpreting the information.
Recommendations: Upgrade to version 1.5.0.
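
The escaping requirement behind this issue, as an added example that is not Log4cxx code: RFC 8259 requires every byte below 0x20 inside a JSON string to be escaped, and a log consumer can flag records where that did not happen. The names `escape_json_string` and `has_raw_control_bytes` and the sample message are constructed for illustration.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// RFC 8259: inside a JSON string, '"', '\\' and every byte below 0x20
// must be escaped. Hypothetical helper, not the Log4cxx implementation.
std::string escape_json_string(const std::string& in) {
    std::string out;
    out.reserve(in.size() + 8);
    for (unsigned char c : in) {
        switch (c) {
            case '"':  out += "\\\""; break;
            case '\\': out += "\\\\"; break;
            case '\b': out += "\\b";  break;
            case '\f': out += "\\f";  break;
            case '\n': out += "\\n";  break;
            case '\r': out += "\\r";  break;
            case '\t': out += "\\t";  break;
            default:
                if (c < 0x20) {  // remaining control bytes: \u00XX form
                    char buf[7];
                    std::snprintf(buf, sizeof buf, "\\u%04x",
                                  static_cast<unsigned>(c));
                    out += buf;
                } else {
                    out += static_cast<char>(c);
                }
        }
    }
    return out;
}

// Consumer-side check: a serialized single-line JSON log record must hold
// no raw control bytes; if it does, the producer under-escaped the payload.
bool has_raw_control_bytes(const std::string& record) {
    for (unsigned char c : record)
        if (c < 0x20) return true;
    return false;
}

int main() {
    // Constructed sample message carrying 0x01, 0x1b, quotes and a newline.
    const std::string msg = "login failed\x01\x1b user=\"a\"\n";
    const std::string raw  = "{\"message\":\"" + msg + "\"}";
    const std::string safe = "{\"message\":\"" + escape_json_string(msg) + "\"}";
    std::cout << has_raw_control_bytes(raw) << ' '
              << has_raw_control_bytes(safe) << '\n' << safe << '\n';
}
```

Running the consumer-side check on records written before the upgrade shows which ones a strict JSON parser would reject.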

Related Identifiers

BDU:2025-13812
CVE-2025-54813
DLA-4322-1

Affected Products

Apache Log4Cxx
Debian
Red Os