diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index 5012661c9731..4d0921455467 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -530,27 +530,27 @@
org.apache.logging.log4j
log4j-api
- 2.17.2
+ 2.25.4
org.apache.logging.log4j
log4j-core
- 2.17.2
+ 2.25.4
org.apache.logging.log4j
log4j-jcl
- 2.17.2
+ 2.25.4
org.apache.logging.log4j
log4j-jul
- 2.17.2
+ 2.25.4
org.apache.logging.log4j
log4j-slf4j-impl
- 2.17.2
+ 2.25.4
org.apache.lucene
diff --git a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index 468bd83c9115..b0f3b783897e 100644
--- a/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++ b/build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -39,7 +39,7 @@ class DependencyConstraints {
deps.put("fastutil.version", "8.5.8")
deps.put("javax.transaction-api.version", "1.3")
deps.put("jgroups.version", "3.6.20.Final")
- deps.put("log4j.version", "2.25.3")
+ deps.put("log4j.version", "2.25.4")
deps.put("micrometer.version", "1.9.1")
deps.put("shiro.version", "1.13.0")
deps.put("slf4j-api.version", "1.7.36")
diff --git a/geode-assembly/src/acceptanceTest/resources/gradle-test-projects/management/build.gradle b/geode-assembly/src/acceptanceTest/resources/gradle-test-projects/management/build.gradle
index 0542f3e034f9..a074d300865b 100644
--- a/geode-assembly/src/acceptanceTest/resources/gradle-test-projects/management/build.gradle
+++ b/geode-assembly/src/acceptanceTest/resources/gradle-test-projects/management/build.gradle
@@ -25,7 +25,7 @@ repositories {
dependencies {
compile("${project.group}:geode-core:${project.version}")
- runtime('org.apache.logging.log4j:log4j-slf4j-impl:2.12.0')
+ runtime('org.apache.logging.log4j:log4j-slf4j-impl:2.25.4')
}
application {
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index 9f38e0b8b8e1..134859ac1de6 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -1031,11 +1031,11 @@ lib/jna-5.11.0.jar
lib/jna-platform-5.11.0.jar
lib/joda-time-2.10.14.jar
lib/jopt-simple-5.0.4.jar
-lib/log4j-api-2.17.2.jar
-lib/log4j-core-2.17.2.jar
-lib/log4j-jcl-2.17.2.jar
-lib/log4j-jul-2.17.2.jar
-lib/log4j-slf4j-impl-2.17.2.jar
+lib/log4j-api-2.25.4.jar
+lib/log4j-core-2.25.4.jar
+lib/log4j-jcl-2.25.4.jar
+lib/log4j-jul-2.25.4.jar
+lib/log4j-slf4j-impl-2.25.4.jar
lib/lucene-analyzers-common-6.6.6.jar
lib/lucene-analyzers-phonetic-6.6.6.jar
lib/lucene-core-6.6.6.jar
diff --git a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
index a1a3560272cb..0d906b581ea0 100644
--- a/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
+++ b/geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt
@@ -28,11 +28,11 @@ jackson-datatype-jsr310-2.21.2.jar
jackson-databind-2.21.2.jar
swagger-annotations-2.2.1.jar
jopt-simple-5.0.4.jar
-log4j-slf4j-impl-2.17.2.jar
-log4j-core-2.17.2.jar
-log4j-jcl-2.17.2.jar
-log4j-jul-2.17.2.jar
-log4j-api-2.17.2.jar
+log4j-slf4j-impl-2.25.4.jar
+log4j-core-2.25.4.jar
+log4j-jcl-2.25.4.jar
+log4j-jul-2.25.4.jar
+log4j-api-2.25.4.jar
spring-context-5.3.20.jar
spring-core-5.3.20.jar
lucene-analyzers-phonetic-6.6.6.jar
diff --git a/geode-docs/managing/logging/configuring_log4j2.html.md.erb b/geode-docs/managing/logging/configuring_log4j2.html.md.erb
index 460af7992f4e..04f5f574485d 100644
--- a/geode-docs/managing/logging/configuring_log4j2.html.md.erb
+++ b/geode-docs/managing/logging/configuring_log4j2.html.md.erb
@@ -36,16 +36,16 @@ You can also configure Log4j 2 to work with various popular and commonly used lo
For example, if you are using:
-- **Commons Logging**, download "Commons Logging Bridge" (`log4j-jcl-2.17.2.jar`)
-- **SLF4J**, download "SLFJ4 Binding" (`log4j-slf4j-impl-2.17.2.jar`)
-- **java.util.logging**, download the "JUL adapter" (`log4j-jul-2.17.2.jar`)
+- **Commons Logging**, download "Commons Logging Bridge" (`log4j-jcl-2.25.4.jar`)
+- **SLF4J**, download "SLFJ4 Binding" (`log4j-slf4j-impl-2.25.4.jar`)
+- **java.util.logging**, download the "JUL adapter" (`log4j-jul-2.25.4.jar`)
See [http://logging.apache.org/log4j/2.x/faq.html](http://logging.apache.org/log4j/2.x/faq.html) for more examples.
-All three of the above JAR files are in the full distribution of Log4J 2.17.2 which can be downloaded at [http://logging.apache.org/log4j/2.x/download.html](http://logging.apache.org/log4j/2.x/download.html). Download the appropriate bridge, adapter, or binding JARs to ensure that <%=vars.product_name%> logging is integrated with every logging API used in various third-party libraries or in your own applications.
+All three of the above JAR files are in the full distribution of Log4J 2.25.4 which can be downloaded at [http://logging.apache.org/log4j/2.x/download.html](http://logging.apache.org/log4j/2.x/download.html). Download the appropriate bridge, adapter, or binding JARs to ensure that <%=vars.product_name%> logging is integrated with every logging API used in various third-party libraries or in your own applications.
**Note:**
-<%=vars.product_name_long%> has been tested with Log4j 2.17.2. As newer versions of Log4j 2 come out, you can find 2.17.2 under Previous Releases on that page.
+<%=vars.product_name_long%> has been tested with Log4j 2.25.4. As newer versions of Log4j 2 come out, you can find 2.25.4 under Previous Releases on that page.
## Customizing Your Own log4j2.xml File
diff --git a/geode-docs/managing/logging/how_logging_works.html.md.erb b/geode-docs/managing/logging/how_logging_works.html.md.erb
index ea150a81a826..e912b90190f6 100644
--- a/geode-docs/managing/logging/how_logging_works.html.md.erb
+++ b/geode-docs/managing/logging/how_logging_works.html.md.erb
@@ -21,9 +21,9 @@ limitations under the License.
<%=vars.product_name%> uses [Apache Log4j 2](http://logging.apache.org/log4j/2.x/) API and Core libraries as the basis for its logging system. Log4j 2 API is a popular and powerful front-end logging API used by all the <%=vars.product_name%> classes to generate log statements. Log4j 2 Core is a backend implementation for logging; you can route any of the front-end logging API libraries to log to this backend. <%=vars.product_name%> uses the Core backend to run three custom Log4j 2 Appenders: **GeodeConsole**, **GeodeLogWriter**, and **GeodeAlert**.
-<%=vars.product_name%> has been tested with Log4j 2.17.2.
+<%=vars.product_name%> has been tested with Log4j 2.25.4.
<%=vars.product_name%> requires the
-`log4j-api-2.17.2.jar` and `log4j-core-2.17.2.jar`
+`log4j-api-2.25.4.jar` and `log4j-core-2.25.4.jar`
JAR files to be in the classpath.
Both of these JARs are distributed in the `/lib` directory and included in the appropriate `*-dependencies.jar` convenience libraries.
diff --git a/geode-docs/tools_modules/http_session_mgmt/weblogic_setting_up_the_module.html.md.erb b/geode-docs/tools_modules/http_session_mgmt/weblogic_setting_up_the_module.html.md.erb
index 084db231743b..5b315ffe41c1 100644
--- a/geode-docs/tools_modules/http_session_mgmt/weblogic_setting_up_the_module.html.md.erb
+++ b/geode-docs/tools_modules/http_session_mgmt/weblogic_setting_up_the_module.html.md.erb
@@ -108,9 +108,9 @@ If you are deploying an ear file:
lib/geode-serialization.1.0.0.jar
lib/javax.transaction-api-1.3.jar
lib/jgroups-3.6.8.Final.jar
- lib/log4j-api-2.5.jar
- lib/log4j-core-2.5.jar
- lib/log4j-jul-2.5.jar
+ lib/log4j-api-2.25.4.jar
+ lib/log4j-core-2.25.4.jar
+ lib/log4j-jul-2.25.4.jar
```
## Peer-to-Peer Setup
diff --git a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
index 6bfbb3f0aaf5..643743b249b6 100644
--- a/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
+++ b/geode-server-all/src/integrationTest/resources/dependency_classpath.txt
@@ -42,11 +42,11 @@ jetty-http-9.4.57.v20241219.jar
geode-memcached-0.0.0.jar
rmiio-2.1.2.jar
geode-tcp-server-0.0.0.jar
-log4j-jcl-2.17.2.jar
+log4j-jcl-2.25.4.jar
geode-connectors-0.0.0.jar
jackson-core-2.21.2.jar
jetty-util-9.4.57.v20241219.jar
-log4j-slf4j-impl-2.17.2.jar
+log4j-slf4j-impl-2.25.4.jar
lucene-analyzers-common-6.6.6.jar
geode-membership-0.0.0.jar
jetty-webapp-9.4.57.v20241219.jar
@@ -55,21 +55,21 @@ jopt-simple-5.0.4.jar
swagger-annotations-2.2.0.jar
snappy-0.4.jar
geode-wan-0.0.0.jar
-log4j-api-2.17.2.jar
+log4j-api-2.25.4.jar
geode-serialization-0.0.0.jar
istack-commons-runtime-4.0.1.jar
lucene-queryparser-6.6.6.jar
jetty-io-9.4.57.v20241219.jar
geode-deployment-legacy-0.0.0.jar
commons-beanutils-1.11.0.jar
-log4j-core-2.17.2.jar
+log4j-core-2.25.4.jar
shiro-crypto-core-1.13.0.jar
jaxb-api-2.3.1.jar
geode-unsafe-0.0.0.jar
spring-shell-1.2.0.RELEASE.jar
jaxb-impl-2.3.2.jar
jna-platform-5.11.0.jar
-log4j-jul-2.17.2.jar
+log4j-jul-2.25.4.jar
HdrHistogram-2.1.12.jar
jackson-annotations-2.21.jar
micrometer-core-1.9.1.jar