A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-sourc…
Critical Apache Roller flaw allows to retain unauthorized access even after a password change
Published on April 15, 2025 by Banzai