CVE-2025-58137

EUVD-2025-203066
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract.

This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1.

Users are encouraged to upgrade to version 1.13.0, the latest release.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
apachefineract
𝑥
< 1.12.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/gz3zhoghlclch3rdnzyrdcf69c0507ww
http://www.openwall.com/lists/oss-security/2025/12/11/7