CVE-2025-58137: Apache Fineract: IDOR via self-service API

Vendor: Apache Software Foundation
Product: Apache Fineract
Weakness: CWE-639 (IDOR)
Published: December 12, 2025
Last update: December 12, 2025

CVSS base score

What the vulnerability does

Description

Apache Fineract contains an Authorization Bypass Through User-Controlled Key vulnerability (CWE-639, an insecure direct object reference) in its self-service API. The issue affects Apache Fineract through version 1.11.0 and is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release.

Key dates

Disclosure timeline

December 12, 2025: CVE published
December 12, 2025: Record updated