On December 9, 2021, Vimeo along with much of the tech world became aware of a Zero-Day vulnerability, CVE-2021-44228, currently referred to as the Log4j or Log4Shell vulnerability.
Vimeo has identified limited impact to our production environment, which has been mitigated.
Our teams have worked diligently to remediate this issue through layered security controls, including scanning our environment, disabling unneeded services and patching where applicable. We have also taken action to identify and engage with impacted third parties and critical vendors to address potential vulnerabilities and ensure a secure path forward.
Vulnerabilities associated with the Log4j library continue to evolve, and Vimeo acknowledges
that its associated threat is fluid in nature. We continue to monitor for threat actors attempting to leverage the Log4j vulnerability as an attack vector however, we still have not observed any indication of exploit or compromise to Vimeo systems or resources.