Severity: important Affected versions:
- Apache Fineract through 1.11.0 - Apache Fineract 1.12.1 unaffected Description: Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release. Credit: Peter Chen (reporter) Ádám Sághy (remediation developer) Aleksandar Vidakovic (remediation reviewer) Víctor Romero (remediation reviewer) References: https://fineract.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-58137
