Insufficiently protected credentials in Fineract - CVE-2025-58130
Published: December 23, 2025
Vulnerability identifier: #VU120249
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-58130
CWE-ID: CWE-522
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apache Foundation
Affected software:
Fineract
Fineract
Detailed vulnerability description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to the Server Key is not masked in the application's interface. An attacker with ability to snoop on the Apache Fineract administrator can view the Server Key and use it later in attacks against the application.
How to mitigate CVE-2025-58130
Install updates from vendor's website.