Authorization Bypass Vulnerability in Apache Fineract by Apache
CVE-2025-58137

8.1HIGH

Key Information:

Vendor: Apache
Status: Apache Fineract
Vendor: CVE Published:; 12 December 2025

What is CVE-2025-58137?

An authorization bypass vulnerability exists in Apache Fineract that allows attackers to manipulate user-controlled keys, potentially granting them unauthorized access to sensitive functionalities. This issue has been addressed in version 1.12.1 and users are strongly urged to upgrade to version 1.13.0 for complete protection against this vulnerability.

Affected Version(s)

Apache Fineract 0 <= 1.11.0

Apache Fineract 1.12.1

References

https://lists.apache.org/thread/gz3zhoghlclch3rdnzyrdcf69...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Aug 26, 2025

Credit

Peter Chen

Ádám Sághy

Aleksandar Vidakovic

Víctor Romero

JSON