vulnerability

SUSE: CVE-2025-11226: SUSE Linux Security Advisory

Try Surface Command
Back to search
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Oct 7, 2025
Added
Dec 5, 2025
Modified
Dec 10, 2025

Description

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.

Solutions

suse-upgrade-logbacksuse-upgrade-logback-accesssuse-upgrade-logback-examplessuse-upgrade-logback-javadoc

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today