On December 9, 2021, Vimeo along with much of the tech world became aware of a Zero-Day
vulnerability, CVE-2021-44228, currently referred to as the Log4j or Log4Shell vulnerability.
Vimeo has identified limited impact to our production environment, which has been mitigated.
Our teams have worked diligently to remediate this issue through layered security controls,
including scanning our environment, disabling unneeded services and patching where
applicable. We have also taken action to identify and engage with impacted third parties and
critical vendors to address potential vulnerabilities and ensure a secure path forward.
Vulnerabilities associated with the Log4j library continue to evolve, and Vimeo acknowledges
that its associated threat is fluid in nature. We continue to monitor for threat actors attempting to
leverage the Log4j vulnerability as an attack vector however, we still have not observed any
indication of exploit or compromise to Vimeo systems or resources.