CVE-2023-25195

HIGH

Apache Fineract < 1.8.3 - SSRF

Title source: rule

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.

References (1)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6

Scores

CVSS v3 8.1

EPSS 0.0013

EPSS Percentile 32.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-918

Status published

Affected Products (1)

apache/fineract < 1.8.3

Timeline

Published Mar 28, 2023

Tracked Since Feb 18, 2026