A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-source, Java-based blogging server software. The flaw is a session management issue that impacts in Apache Roller before version 6.1.5 where […]
First seen on securityaffairs.com
Jump to article: securityaffairs.com/176577/security/critical-apache-roller-flaw-allows-to-retain-unauthorized-access-even-after-a-password-change.html
