CVE-2025-23408
MEDIUMApache Fineract <1.10.1 - Info Disclosure
Title source: llmDescription
Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0. Users are encouraged to upgrade to version 1.13.0, the latest release.
Scores
CVSS v3
6.5
EPSS
0.0016
EPSS Percentile
36.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Classification
CWE
CWE-521
Status
published
Affected Products (1)
apache/fineract
< 1.11.0
Timeline
Published
Dec 12, 2025
Tracked Since
Feb 18, 2026