A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected.
A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-source, Java-based blogging server software.
The flaw is a session management issue in Apache Roller before version 6.1.5, where active user sessions are not properly invalidated after password changes.
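The class of bug described above, as an added example that is not Apache Roller's code or its fix: a minimal in-memory session model with a password change that leaves earlier sessions valid beside one that invalidates them. The class `SessionRegistry`, its methods and the sample user are hypothetical, and a plain string stands in for a password hash.

```java
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory model for illustration; not Apache Roller's code.
public class SessionRegistry {
    // user -> secret (a plain string stands in for a password hash)
    private final Map<String, String> credentials = new ConcurrentHashMap<>();
    private final Map<String, String> sessions = new ConcurrentHashMap<>();    // session id -> user
    private final Map<String, Set<String>> byUser = new ConcurrentHashMap<>(); // user -> session ids

    public void register(String user, String secret) { credentials.put(user, secret); }

    // Returns a new session id, or null when the secret does not match.
    public String login(String user, String secret) {
        if (!secret.equals(credentials.get(user))) return null;
        String id = UUID.randomUUID().toString();
        sessions.put(id, user);
        byUser.computeIfAbsent(user, u -> ConcurrentHashMap.newKeySet()).add(id);
        return id;
    }

    public boolean isValid(String sessionId) { return sessions.containsKey(sessionId); }

    // Weak form: only the credential changes; sessions opened earlier stay valid.
    public void changePasswordKeepSessions(String user, String newSecret) {
        credentials.put(user, newSecret);
    }

    // Corrected form: change the credential, then drop every session of that user.
    public void changePassword(String user, String newSecret) {
        credentials.put(user, newSecret);
        Set<String> ids = byUser.remove(user);
        if (ids != null) ids.forEach(sessions::remove);
    }

    public static void main(String[] args) {
        SessionRegistry reg = new SessionRegistry();
        reg.register("alice", "old-secret");               // constructed sample data
        String earlier = reg.login("alice", "old-secret"); // session opened before the change
        reg.changePasswordKeepSessions("alice", "new-1");
        System.out.println("weak form, earlier session valid: " + reg.isValid(earlier));
        reg.changePassword("alice", "new-2");
        System.out.println("corrected form, earlier session valid: " + reg.isValid(earlier));
        System.out.println("old secret still accepted: " + (reg.login("alice", "old-secret") != null));
    }
}
```

The per-user index of session ids is what makes the corrected path possible: without a way to enumerate a user's sessions, a password change has nothing to invalidate.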
In early April, experts warned of another critical vulnerability impacting Apache Parquet’s Java Library. The vulnerability, tracked as CVE-2025-30065 (CVSS score of 10.0), could allow remote code execution.