{"cve":{"cve_id":"CVE-2026-1225","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00159,"epss_percentile":0.05349,"epss_as_of":"2026-06-23","description":"ACE vulnerability in configuration file processing  by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file.\n\n\n\n\nThe instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must  have write access to a \nconfiguration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.","published_at":"2026-01-22T09:24:14.634000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":1.8,"cvss_v4_vector":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/RE:M/U:Green","cvss_v4_severity":"LOW","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-20"],"nvd_references":["https://logback.qos.ch/news.html#1.5.25"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:28:57.072741Z"},"effective_severity":"LOW","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack 
Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"L","value_label":"Low"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"L","value_label":"Low"},{"metric":"SA","name":"Availability (Subsequent System)","value":"L","value_label":"Low"},{"metric":"S","name":"Safety","value":"N","value_label":"Negligible"},{"metric":"AU","name":"Automatable","value":"N","value_label":"No"},{"metric":"RE","name":"Vulnerability Response Effort","value":"M","value_label":"Moderate"},{"metric":"U","name":"Provider Urgency","value":"Green","value_label":"Green"}]},"affected":[{"vendor_slug":"qos.ch-sarl","vendor_name":"QOS.CH Sarl","product_slug":"logback-core","product_name":"Logback-core","version_start":"0.9.20","version_start_inclusive":true,"version_end":"1.5.24","version_end_inclusive":true,"cpe23_uri":"cve5:qos.ch-sarl:logback-core:0.9.20:1.5.24"},{"vendor_slug":"qos.ch-sarl","vendor_name":"QOS.CH Sarl","product_slug":"logback-core","product_name":"Logback-core","version_start":"1.5.25","version_start_inclusive":true,"version_end":"1.5.25","version_end_inclusive":true,"cpe23_uri":"cve5:qos.ch-sarl:logback-core:1.5.25:1.5.25"}],"exploit_refs":[],"news":[],"references":[{"url":"https://logback.qos.ch/news.html#1.5.25","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-01-22T09:24:14.634000Z","label":"CVE 
published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:44.924477Z","label":"CVSS score revised","source":"cvelistv5"}]}