CVE-2025-23408 HIGH

CVE-2025-23408: Apache Fineract: weak password policy

Vendor Apache Software Foundation

Product Apache Fineract

Weakness CWE-521

Published December 12, 2025

Last update December 18, 2025

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

Description

Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0. Users are encouraged to upgrade to version 1.13.0, the latest release.

Key dates

Disclosure timeline

December 12, 2025 CVE published

December 18, 2025 Record updated