CVE-2025-58130CRITICAL 9.1EPSS p28.3%

CVE-2025-58130CVE-2025-58130

Description

Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS0.37% probability of exploitation · percentile 28.3% · 2026-06-19T12:03:05Z
Published2025-12-12
Last modified2025-12-18

Underlying weaknesses· 1

CWE-522

References

  1. https://lists.apache.org/thread/d9zpkc86zk265523tfvbr8w7gyr6onoy
  2. http://www.openwall.com/lists/oss-security/2025/12/11/6

1

TypeTargetConfidenceTier
WeaknessInsufficiently Protected Credentialscwe-5220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-58137
CVE
CVE-2025-55051
CVE
CVE-2025-52159
CVE
CVE-2025-1393
CVE
CVE-2026-45434
CVE
CVE-2025-52164
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.