Log4j vulnerability (CVE-2025-68161)
Hi everyone, I’ve tested the latest version of SoapUI (v5.9.1) and noticed that it is still using Log4j v2.17.1 Could you please confirm whether there are plans to upgrade the Log4j component to a ...
Forum Discussion
We ran into this exact same issue auditing SoapUI v5.9.1 last month for our company’s security check. Log4j 2.17.1 indeed hasn’t fixed this new CVE-2025-68161 flaw. As a temporary workaround before official patch rolls out, we manually swapped the log4j jar file inside SoapUI’s lib folder to latest patched 2.23.1 build. Have you tried jar replacement for your testing environment yet?
Hi htmllenmsy.
That's a good suggestion. I hadn't thought about replacing the JAR as a test workaround. I'll try it out next time.Thanks for sharing it