Unrated severityOSV Advisory· Published Dec 12, 2025· Updated Dec 12, 2025
Apache Fineract: IDOR via self-service API
CVE-2025-58137
Description
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract.
This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1.
Users are encouraged to upgrade to version 1.13.0, the latest release.
Affected products
2Patches
Vulnerability mechanics
References
1- lists.apache.org/thread/gz3zhoghlclch3rdnzyrdcf69c0507wwmitrevendor-advisory
News mentions
0No linked articles in our index yet.