CNNVD-202512-2364 Information

CNNVD ID

CNNVD-202512-2364

Related CVE

CVE-2025-58137

• CNNVD Published: 2025-12-12

Description (Chinese)

Apache Fineract是美国阿帕奇（Apache）基金会的一套开源数字金融服务平台。该平台能够为用户提供数据管理、贷款和储蓄投资组合管理以及实时财务数据等功能。 Apache Fineract 1.11.0及之前版本存在安全漏洞，该漏洞源于用户控制密钥导致的授权绕过。

Description (English)

Apache Fineract is an open-source digital financial services platform for the Apache Foundation in the United States. The platform provides users with functionality such as data management, portfolio management for loans and savings and real-time financial data. There is a security loophole in Apache Funderact 1.11.0 and previous versions, which stems from the circumvention of the authorization resulting from the user control key.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-12-12

Last Modified

2026-02-24

References

https://lists.apache.org/thread/gz3zhoghlclch3rdnzyrdcf69c0507ww http://www.openwall.com/lists/oss-security/2025/12/11/7

Patch

https://fineract.apache.org/