CVE-2025-58130

CVE-2025-58130: Apache Fineract: Server Key not masked

Vendor Apache Software Foundation

Product Apache Fineract

Weakness CWE-522 · Insufficiently protected credentials

Published December 12, 2025

Last update December 12, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release.

Key dates

Disclosure timeline

December 12, 2025 CVE published

December 12, 2025 Record updated