We started this blog at the start of last year with a post titled “We need to talk about Log4J”. With the year coming to an end and 2025 kicking off, we thought we should look at how that particular CVE has progressed during the past year.
To recap, three years ago the cybersecurity world was shaken by the discovery of a critical vulnerability in the widely-used Apache Log4j library, known as Log4Shell (CVE-2021-44228). This zero-day vulnerability allowed attackers to execute arbitrary code on affected systems, leading to a global scramble to patch and secure vulnerable applications.
So how has the year unfolded for this CVE? Unfortunately, this is not a good news story! Despite extensive remediation efforts, Log4j remains one of the most exploited vulnerabilities in 2024. Reports from the industry highlight that Log4Shell continues to be a significant threat. According to Cato Networks’ Q1 2024 Threat Report, Log4Shell accounted for 30% of outbound vulnerability exploitations and 18% of inbound vulnerability exploitations.
The persistence of Log4j vulnerabilities underscores the challenges organizations face in securing their software stack. New vulnerabilities related to Log4j have emerged, and unpatched systems continue to be exploited by attackers. The FritzFrog botnet, for example, has leveraged Log4Shell to compromise systems on a large scale.
FritzFrog is a sophisticated peer-to-peer (P2P) botnet that was first discovered by Guardicore Labs (now Akamai Threat Labs) in August 2020. In 2024, FritzFrog has evolved to include new capabilities, such as exploiting the Log4Shell vulnerability to infect vulnerable systems. This has allowed the botnet to grow significantly, with over 1,500 distinct hosts infected since its reappearance. The botnet’s ability to run any malicious payload on infected nodes makes it a formidable threat.
As we navigate into 2025, it’s clear that the conversation around Log4j is far from over. A recent review by the Five Eyes agencies of the most exploited vulnerabilities of 2023 showed that it was still in the top 10. The Log4j vulnerability serves as a stark reminder of the importance of proactive security measures and the ongoing battle against cyber threats. The fear with Log4J is that we will be posting similar stories again next year.