Summary: A critical vulnerability in Apache Roller allows unauthorized access through active user sessions even after password changes. Assigned the CVE identifier CVE-2025-24859, this flaw has a maximum CVSS score of 10.0 and affects all versions up to 6.1.4. The issue has been resolved in version 6.1.5 by implementing centralized session management that invalidates all active sessions upon password change.
Affected: Apache Roller
Key points:
- Vulnerability allows continued access through old sessions despite password changes.
- CVE-2025-24859 is rated with a CVSS score of 10.0, indicating maximum severity.
- Fixed in version 6.1.5 by centralizing session management to invalidate active sessions upon password changes.
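As an added illustration of the fix described above (example code, not Apache Roller's own; every class, method and field name here is hypothetical), a centralized session store that revokes every session a user holds when the password changes, plus an issued-before-last-change check as a second line of defence:

```python
"""Added example, not Apache Roller code: centralized session management
that invalidates all of a user's active sessions on password change."""
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    issued_at: float


@dataclass
class SessionStore:
    sessions: dict = field(default_factory=dict)       # token -> Session
    by_user: dict = field(default_factory=dict)        # user -> set of tokens
    pw_changed_at: dict = field(default_factory=dict)  # user -> last change time

    def login(self, user: str) -> str:
        """Issue a fresh random session token and index it by user."""
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, time.time())
        self.by_user.setdefault(user, set()).add(token)
        return token

    def is_valid(self, token: str) -> bool:
        """A token is valid only if it exists and was issued no earlier
        than the user's last password change. The time check catches a
        stale session that somehow escaped explicit revocation."""
        s = self.sessions.get(token)
        if s is None:
            return False
        return s.issued_at >= self.pw_changed_at.get(s.user, 0.0)

    def change_password(self, user: str) -> int:
        """Fixed behaviour: record the change time and drop every session
        the user holds (the pre-fix bug was to skip this step, leaving old
        sessions usable). Returns the number of sessions revoked."""
        self.pw_changed_at[user] = time.time()
        tokens = self.by_user.pop(user, set())
        for t in tokens:
            self.sessions.pop(t, None)
        return len(tokens)
```

A login performed after the change still works, because its issue time is not earlier than the recorded change time.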
Source: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html