oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-58130: Apache Fineract: Server Key not masked

From: Adam Monsen <meonkeys () apache org>
Date: Thu, 11 Dec 2025 21:23:57 +0000
Severity: low 

Affected versions:

- Apache Fineract through 1.11.0
- Apache Fineract 1.12.1 unaffected

Description:

Insufficiently Protected Credentials vulnerability in Apache Fineract.

This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1.

Users are encouraged to upgrade to version 1.13.0, the latest release.

Credit:

Peter Chen (reporter)
Jose Alberto Hernandez (remediation developer)
Ádám Sághy (remediation reviewer)

References:

https://fineract.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-58130
Previous By Date Next
Previous By Thread Next

Current thread: