CVE-2025-58130

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-58130

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58130.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-58130

Published

2025-12-12T10:15:49.223Z

Modified

2025-12-20T15:39:13.202119Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Insufficiently Protected Credentials vulnerability in Apache Fineract.

This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1.

Users are encouraged to upgrade to version 1.13.0, the latest release.

References

Affected packages

Git / github.com/apache/fineract

Affected ranges

Type: GIT
Repo: https://github.com/apache/fineract
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c84ba089f0f2f04aff8ca14d930e3328dc78a2ce

Affected versions

1.*

1.0.0

1.1.0

1.10.0

1.11.0

1.12.0

1.2.0

1.3.0

1.4.0

1.5.0

1.7.0

1.8.0

1.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58130.json"

vanir_signatures

[
    {
        "id": "CVE-2025-58130-ad985199",
        "signature_type": "Function",
        "digest": {
            "function_hash": "247025461354035783428261568913895953285",
            "length": 742.0
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/c84ba089f0f2f04aff8ca14d930e3328dc78a2ce",
        "target": {
            "function": "calculateUnrecognizedInterestForClosedPeriodByInterestRecalculationStrategy",
            "file": "fineract-progressive-loan/src/main/java/org/apache/fineract/portfolio/loanaccount/domain/transactionprocessor/impl/AdvancedPaymentScheduleTransactionProcessor.java"
        },
        "deprecated": false
    },
    {
        "id": "CVE-2025-58130-dacf83b4",
        "signature_type": "Function",
        "digest": {
            "function_hash": "258811801508625934989384141179698373889",
            "length": 1017.0
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/c84ba089f0f2f04aff8ca14d930e3328dc78a2ce",
        "target": {
            "function": "adjustOverduePrincipalForInstallment",
            "file": "fineract-progressive-loan/src/main/java/org/apache/fineract/portfolio/loanaccount/domain/transactionprocessor/impl/AdvancedPaymentScheduleTransactionProcessor.java"
        },
        "deprecated": false
    },
    {
        "id": "CVE-2025-58130-dfdaadbb",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "138191747758501280337960127024677382029",
                "255395756862878314783565890472405382250",
                "5365675856227064694452025375135079376",
                "331257332888361575781293018629534375181",
                "199293117384997593102896058170095822260",
                "221100182536094384892271984485565355450",
                "74223737524375293603034164231074061537",
                "97800999851060569669571911513478748535",
                "267862928392344728320129751297752642657",
                "275440475449886244259590698165737049668",
                "330727221590580003342371874896986011104",
                "2175058152260346297583165779496235334",
                "194099676269294820361048358761390430291",
                "51730088082740275013536685122151133405",
                "290141532093220642307379435144962844406",
                "253835298966877416278044200935455305122",
                "51015104690728200055632743290849929888",
                "84596213177439866953171052462631784305",
                "180273124232249494992383018595902358336",
                "236492209710466230327066768749823003676",
                "173341809459466510007909743894208652771",
                "238643992063912299794608947725547896005",
                "145364953438672618517704107984324200456",
                "287612857909205842301161899324226274447",
                "118515589070690815710810658671221757056",
                "148544143335794828920886998307707163898",
                "38974284425882772250680296062765942367",
                "108587633537507210242609878158511307392",
                "165144164598132128230325941377207541487",
                "316310132344573171261707929349455732216",
                "97040418730218333081137696248327065966"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/c84ba089f0f2f04aff8ca14d930e3328dc78a2ce",
        "target": {
            "file": "fineract-progressive-loan/src/main/java/org/apache/fineract/portfolio/loanaccount/domain/transactionprocessor/impl/AdvancedPaymentScheduleTransactionProcessor.java"
        },
        "deprecated": false
    },
    {
        "id": "CVE-2025-58130-f81c7948",
        "signature_type": "Function",
        "digest": {
            "function_hash": "333876918323615988029307178929795569855",
            "length": 271.0
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/fineract/commit/c84ba089f0f2f04aff8ca14d930e3328dc78a2ce",
        "target": {
            "function": "handleRepayment",
            "file": "fineract-progressive-loan/src/main/java/org/apache/fineract/portfolio/loanaccount/domain/transactionprocessor/impl/AdvancedPaymentScheduleTransactionProcessor.java"
        },
        "deprecated": false
    }
]