Main Vulnerability Database Vulnerabilities #VU120249

#VU120249 Insufficiently protected credentials in Fineract - CVE-2025-58130

Published: December 23, 2025

Vulnerability identifier: #VU120249

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-58130

CWE-ID: CWE-522

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Fineract

Software vendor:
Apache Foundation

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to the Server Key is not masked in the application's interface. An attacker with ability to snoop on the Apache Fineract administrator can view the Server Key and use it later in attacks against the application.

Remediation

Install updates from vendor's website.

External links

https://lists.apache.org/thread/d9zpkc86zk265523tfvbr8w7gyr6onoy

#VU120249 Insufficiently protected credentials in Fineract - CVE-2025-58130

Description

Remediation

External links

Please verify you're human