CVE 8.5 HIGH

Apache Fineract: weak password policy_CVE-2025-23408

December 12, 2025 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Description

Weak Password Requirements vulnerability in Apache Fineract.

This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0.

Users are encouraged to upgrade to version 1.13.0, the latest release.

AI Analysis

Weak password requirements vulnerability allowing unauthorized access

Basic Information

ID CVE-2025-23408

Source apache

Published Dec 12, 2025 at 09:18

Modified Dec 12, 2025 at 10:06

Affected Product

Vendor Apache Software Foundation

Product Apache Fineract

Affected Versions Apache Software Foundation Apache Fineract 0

CWE Classification

CWE-521

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Apache Software Foundation

Product Apache Fineract

Version through 1.10.1

References

lists.apache.org /thread/bdlb6wl968yh1n48mr5npsk2spo6dncf

{
    "lastseen": "",
    "description": "Weak Password Requirements vulnerability in Apache Fineract.\n\nThis issue affects Apache Fineract: through 1.10.1.\u00a0The issue is fixed in version 1.11.0.\n\nUsers are encouraged to upgrade to version 1.13.0, the latest release.",
    "published": "2025-12-12T09:18:59.147Z",
    "modified": "2025-12-12T10:06:07.346Z",
    "type": "cve",
    "title": "Apache Fineract: weak password policy",
    "source": "apache",
    "references": "https://lists.apache.org/thread/bdlb6wl968yh1n48mr5npsk2spo6dncf",
    "id": "CVE-2025-23408",
    "bulletinFamily": "",
    "cwe": [
        "CWE-521"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Fineract 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Fineract",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "Weak password requirements vulnerability allowing unauthorized access",
    "ai_severity": "High",
    "ai_vendor": "Apache Software Foundation",
    "ai_product": "Apache Fineract",
    "ai_version": "through 1.10.1",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply