CVE-2025-58130 — Insufficiently Protected Credentials in Apache Fineract

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

0.1%

top 71.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Fineract Apache Software Foundation Apache Fineract

Timeline

PublishedDec 12

Description

Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDapache/fineract< 1.12.1

▶CVEListV5apache_software_foundation/apache_fineract1.11.0

🔴Vulnerability Details

CVEList

Apache Fineract: Server Key not masked↗2025-12-12

▶

GHSA

GHSA-rgjm-h5hc-fhwv: Insufficiently Protected Credentials vulnerability in Apache Fineract↗2025-12-12

▶