Authorization Bypass Vulnerability in Apache Fineract by Apache
CVE-2025-58137

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Fineract
Vendor: CVE Published:; 12 December 2025

What is CVE-2025-58137?

An authorization bypass vulnerability exists in Apache Fineract that allows attackers to manipulate user-controlled keys, potentially granting them unauthorized access to sensitive functionalities. This issue has been addressed in version 1.12.1 and users are strongly urged to upgrade to version 1.13.0 for complete protection against this vulnerability.

Affected Version(s)

Apache Fineract 0 <= 1.11.0

Apache Fineract 1.12.1

References

https://lists.apache.org/thread/gz3zhoghlclch3rdnzyrdcf69...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Aug 26, 2025

Credit

Peter Chen

Ádám Sághy

Aleksandar Vidakovic

Víctor Romero

JSON