Apache Fineract — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in Apache Fineract, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-58137	Apache Fineract: IDOR via self-service API CWE-639	7.5^AI	High^AI	2025-12-12
CVE-2025-58130	Apache Fineract: Server Key not masked CWE-522	9.1^AI	Critical^AI	2025-12-12
CVE-2025-23408	Apache Fineract: weak password policy CWE-521	9.8^AI	Critical^AI	2025-12-12
CVE-2024-32838	Apache Fineract: SQL injection vulnerabilities in offices API endpoint CWE-89	8.8	-	2025-02-12
CVE-2024-23537	Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role. CWE-269	8.4	High	2024-03-29
CVE-2024-23538	Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries. CWE-89	9.9	Critical	2024-03-29
CVE-2024-23539	Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries. CWE-89	8.3	High	2024-03-29
CVE-2023-25197	apache fineract: SQL injection vulnerability in certain procedure calls CWE-89	9.8	-	2023-03-28
CVE-2023-25196	Apache Fineract: SQL injection vulnerability CWE-89	8.1	-	2023-03-28
CVE-2023-25195	Apache Fineract: SSRF template type vulnerability in certain authenticated users CWE-918	8.1	-	2023-03-28
CVE-2022-44635	Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal CWE-22	8.8	-	2022-11-29
CVE-2020-17514	disabled hostname verificiation	7.4	-	2021-05-27
CVE-2018-20243	fineract jira 安全漏洞	7.5	-	2020-10-13
CVE-2018-11801	Apache Fineract SQL注入漏洞	9.8	-	2019-06-11
CVE-2018-11800	Apache Fineract SQL注入漏洞	9.8	-	2019-06-11
CVE-2018-1292	Apache Fineract 安全漏洞	8.1	-	2018-04-20
CVE-2018-1291	Apache Fineract 安全漏洞	8.1	-	2018-04-20
CVE-2018-1290	Apache Fineract SQL注入漏洞	9.8	-	2018-04-20
CVE-2018-1289	Apache Fineract 安全漏洞	8.8	-	2018-04-20
CVE-2017-5663	Apache Fineract 安全漏洞	8.8	-	2017-12-14

All 20 known CVE vulnerabilities affecting Apache Fineract with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

Apache Fineract — Vulnerabilities & Security Advisories 20