CVSS of 10 sounds like this is another log4j, but it seems like the exploit requires some other unusual circumstances to work