Apache Log4j: 2.3.2 → 2.25.4
Apache · upgrade impact · Official site ↗
Fixed by upgrading to 2.25.4 iVulnerabilities that affect 2.3.2 but no longer affect 2.25.4 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2021-45046 CRITICAL exploited ransomware EPSS 100% ✓ cleared in 2.25.4 CVE-2017-5645 CRITICAL EPSS 89% ✓ cleared in 2.25.4 CVE-2026-34480 HIGH EPSS 1% ✓ cleared in 2.25.4 CVE-2025-68161 MEDIUM EPSS 1% ✓ cleared in 2.25.4