CVE-2025-23408

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-23408
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23408.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-23408
Published
2025-12-12T10:15:48.870Z
Modified
2026-03-14T12:42:13.044475Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Weak Password Requirements vulnerability in Apache Fineract.

This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0.

Users are encouraged to upgrade to version 1.13.0, the latest release.

References

Affected packages

Git / github.com/apache/fineract

Affected ranges

Type
GIT
Repo
https://github.com/apache/fineract
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
843b27926e516420297f40655fa734277195d773
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.11.0"
        }
    ]
}

Affected versions

1.*
1.0.0
1.1.0
1.10.0
1.2.0
1.3.0
1.4.0
1.5.0
1.7.0
1.8.0
1.9.0

Database specific

vanir_signatures 
[
    {
        "digest": {
            "length": 639.0,
            "function_hash": "9347628445577580628963985414576280286"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-23408-085c70d2",
        "target": {
            "function": "read",
            "file": "fineract-client/src/main/java/org/apache/fineract/client/util/JSON.java"
        },
        "source": "https://github.com/apache/fineract/commit/843b27926e516420297f40655fa734277195d773"
    },
    {
        "digest": {
            "length": 36.0,
            "function_hash": "305649019730485252077330626530199719013"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-23408-154680b2",
        "target": {
            "function": "getGson",
            "file": "fineract-client/src/main/java/org/apache/fineract/client/util/JSON.java"
        },
        "source": "https://github.com/apache/fineract/commit/843b27926e516420297f40655fa734277195d773"
    },
    {
        "digest": {
            "length": 438.0,
            "function_hash": "256315164792277666222912036398805328572"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-23408-c0dca45c",
        "target": {
            "function": "read",
            "file": "fineract-client/src/main/java/org/apache/fineract/client/util/JSON.java"
        },
        "source": "https://github.com/apache/fineract/commit/843b27926e516420297f40655fa734277195d773"
    },
    {
        "digest": {
            "length": 327.0,
            "function_hash": "92880025168722703208339919156872576385"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-23408-f61bee0e",
        "target": {
            "function": "read",
            "file": "fineract-client/src/main/java/org/apache/fineract/client/util/JSON.java"
        },
        "source": "https://github.com/apache/fineract/commit/843b27926e516420297f40655fa734277195d773"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "308642470757819857818150516640551090937",
                "332675022123850832472617597271624541414",
                "252278167307915141132598004662816240258",
                "76453588883399654696577334710871929994",
                "125606892241071476108067478655235572239",
                "264331516335069663938248487667774345528",
                "234954089428220502484464007037736049759",
                "290454193368831358502340904669015750414",
                "191454331914682649639412548474194139953",
                "231919495506710242249787950263063375231",
                "229794385540540024153217232433941669360",
                "85442300344594704729888435063619217467",
                "65088105814698644392002005633121194772",
                "160138870292982413219097856539710699490",
                "229795870060357358629229822840750869634",
                "30662511559997808406387168255061593",
                "318327322825510403878730354021421684450",
                "213732347276277995088524724219137203445",
                "63299486994541187248256970708330660827",
                "238411936013394263593138584320341618726",
                "170195273206072591630837182425946399496",
                "203936282417062904957561020516424430030",
                "12341861999703937862042714308545715764",
                "279429250892789904597040423247216671805",
                "311116359419577710850998077109739123904",
                "310982570714308065342416402468034088748",
                "130930951504602051478884052609236936143",
                "265368795785288800122584107763531966681",
                "338584936618766786967892131907936551502",
                "81109491888857234567616117493042521563",
                "96402877684814455947805027176010448255",
                "124973555102125774248886725912390031939",
                "91925491550550965108067922214328142923",
                "251455484382808641456540064445338150645",
                "78784782095172599949048664322033328016",
                "203936282417062904957561020516424430030",
                "36003295368091533217783628515452433876",
                "105069024220701318604387007572732118748",
                "254730529085368242634120675942164305806",
                "246887451328310701942097316327058439214",
                "296447851103192062154064903802791325253",
                "116144155894508099845524081575716620889",
                "161566304463953467056645713050590337835",
                "46412011961729215520217226890390084527",
                "40756923057216554489175452173182621284",
                "82048884717436349134874852830350967703",
                "338343175591383979477558434434879967565",
                "157205799788406257891091234066356847778",
                "77540726196511708716061817759519045541",
                "338378476387978114990925475944335127768",
                "305789624063787749225537298614366936033",
                "75048303164529976304363681729344731143",
                "281522623104110179373805983956152142823",
                "86549553122515221040146554617746620793",
                "279232309822018228870764549016331367221",
                "33187916542244675492363135046547481444",
                "256606988065471727135417234314850964587",
                "253827400529345637980437326829271059151",
                "270164070604486806571055757929377758870",
                "203936282417062904957561020516424430030",
                "12341861999703937862042714308545715764",
                "279429250892789904597040423247216671805",
                "92003503690626682245392739713599497228",
                "272212112136820272124598905684480601493",
                "245185674948364618532549756537137289027",
                "219943825859676314828801784022554203599",
                "84044018281748653451525596645697110634",
                "303017595497590018135141195916947091191",
                "303708234142824172590789497632132440465",
                "11005281173059492741401238731641342303",
                "77190018876055803332962548689122164756",
                "292213134025469198725746839621238917724",
                "108587633537507210242609878158511307392",
                "308485938997324711533619436526383417756",
                "86894020222840375818645756603209324712",
                "137183363419594308704814204394354811787",
                "235766845452916826882656826743564384554"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2025-23408-f6995c81",
        "target": {
            "file": "fineract-client/src/main/java/org/apache/fineract/client/util/JSON.java"
        },
        "source": "https://github.com/apache/fineract/commit/843b27926e516420297f40655fa734277195d773"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23408.json"