CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users
First published: Tue Mar 28 2023(Updated: )
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Fineract | >=1.4.0<=1.8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-25195?
The severity of CVE-2023-25195 is high.
Who is affected by CVE-2023-25195?
Apache Fineract versions 1.4 through 1.8.3 are affected by CVE-2023-25195.
What is the vulnerability in CVE-2023-25195?
CVE-2023-25195 is a Server-Side Request Forgery (SSRF) vulnerability in Apache Fineract.
How can an attacker exploit CVE-2023-25195?
An attacker with limited permissions can exploit CVE-2023-25195 to gain access to the server and use it for outbound traffic.
Is there a fix available for CVE-2023-25195?
There is no known fix available for CVE-2023-25195. It is recommended to update to a newer version of Apache Fineract when one becomes available.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/title
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/apache
- canonical/apache fineract
- version/apache fineract/1.4.0
- version/apache fineract/1.8.3