CVE-2025-58137
CVE-2025-58137 describes an Authorization Bypass via a User-Controlled Key in Apache Fineract (IDOR). Affected product: Apache Fineract up to 1.11.0; fixed in 1.12.1, with guidance to upgrade to 1.13.0. Root cause per CNVD: insecure direct object reference (IDOR) leading to authorization bypass. ...