Apache Fineract Authorization Bypass Vulnerability Allowing IDOR

Vulnerability

An authorization bypass vulnerability allowing insecure direct object references (IDOR) has been identified in Apache Fineract versions prior to 1.11.0. The self-service API accepts user-controlled object keys that are not checked against the caller's authorization, so a user can reference resources belonging to other users and potentially read or modify them.

Impact

Exploitation of this vulnerability lets an authenticated self-service user bypass authorization controls to access or modify resources and perform actions they should not be permitted to, by supplying object keys for data that is not their own.

Remediation

Users are advised to upgrade to Apache Fineract version 1.12.1 or later. The latest release is version 1.13.0.

Added: Dec 12, 2025, 10:19 AM
Updated: Dec 12, 2025, 3:31 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 5.0
exploitability: 6.2
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined to calculate the overall risk score.