CVE-2025-58137

Published: Dec 12, 2025Modified: Dec 18, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release.

Affected (1)

Products: Apache: Fineract

Apache

1 product

Fineract

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Fineract	Before 1.12.1

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://lists.apache.org/thread/gz3zhoghlclch3rdnzyrdcf69c0507ww

Source: security@apache.org

Mailing ListVendor Advisory

http://www.openwall.com/lists/oss-security/2025/12/11/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.