Insufficiently Protected Credentials in Apache Fineract by Apache
CVE-2025-58130

9.1CRITICAL

Key Information:

Vendor: Apache
Status: Apache Fineract
Vendor: CVE Published:; 12 December 2025

What is CVE-2025-58130?

The Insufficiently Protected Credentials vulnerability in Apache Fineract leaves sensitive information unprotected in earlier versions of the software. This weakness could potentially allow unauthorized access to user credentials and sensitive data. To mitigate risks, it is crucial for users to upgrade to version 1.12.1 or later. The latest version, 1.13.0, includes fixes that enhance security and protect against potential exploits related to this vulnerability.

Affected Version(s)

Apache Fineract 0 <= 1.11.0

Apache Fineract 1.12.1

References

https://lists.apache.org/thread/d9zpkc86zk265523tfvbr8w7g...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Aug 25, 2025

Credit

Peter Chen

Jose Alberto Hernandez

Ádám Sághy

JSON