Insufficiently Protected Credentials in Apache Fineract by Apache
CVE-2025-58130

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Fineract
Vendor: CVE Published:; 12 December 2025

What is CVE-2025-58130?

The Insufficiently Protected Credentials vulnerability in Apache Fineract leaves sensitive information unprotected in earlier versions of the software. This weakness could potentially allow unauthorized access to user credentials and sensitive data. To mitigate risks, it is crucial for users to upgrade to version 1.12.1 or later. The latest version, 1.13.0, includes fixes that enhance security and protect against potential exploits related to this vulnerability.

Affected Version(s)

Apache Fineract 0 <= 1.11.0

Apache Fineract 1.12.1

References

https://lists.apache.org/thread/d9zpkc86zk265523tfvbr8w7g...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Aug 25, 2025

Credit

Peter Chen

Jose Alberto Hernandez

Ádám Sághy

JSON