Description

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release.

PUBLISHED Reserved 2025-08-26 | Published 2025-12-12 | Updated 2025-12-12 | Assigner apache

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status
unaffected

Any version
affected

1.12.1 (semver)
unaffected

Credits

Peter Chen reporter

Ádám Sághy remediation developer

Aleksandar Vidakovic remediation reviewer

Víctor Romero remediation reviewer

References

www.openwall.com/lists/oss-security/2025/12/11/7

lists.apache.org/thread/gz3zhoghlclch3rdnzyrdcf69c0507ww vendor-advisory

cve.org (CVE-2025-58137)

nvd.nist.gov (CVE-2025-58137)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.