Impact
ACE vulnerability in conditional configuration file processing by QOS.CH Logback‑core, in versions up to 1.5.36, allows an attacker to execute arbitrary code by compromising an existing Logback configuration file or by injecting an environment variable before program execution. The vulnerability bypasses the safeguards implemented against CVE‑2025‑11226, enabling code execution through Janino, which must be present on the application's classpath. The attacker also needs write access to the configuration file or control over the environment variable, and the attack requires existing local privileges.
Affected Systems
Java applications that use QOS.CH Logback‑core 1.5.36 or earlier and have the Janino library available on the classpath, or that permit environment variables to reference external Logback configuration files, are impacted. The vulnerability is absent in Logback‑core 1.5.37 and later.
Risk and Exploitability
The CVSS score of 7 indicates a high impact on confidentiality, integrity, and availability for privileged users. The EPSS score of less than 1 % shows a low likelihood of exploitation in the wild, and the vulnerability is not cataloged in CISA’s KEV list. Expl of Janino, and either write access to a Logback configuration file or control over environment variables; the overall risk to exposed systems is moderate but remains low because of the limited attack prerequisites.
OpenCVE Enrichment