Apache Roller’s Epic Fail: Hackers Keep Access Even After Password Change!
A critical Apache Roller flaw, CVE-2025-24859, allows attackers to retain unauthorized access even after a password change. Affected versions up to 6.1.4 leave user sessions active, enabling attackers to exploit compromised credentials. The flaw is fixed in version 6.1.5.

Hot Take:
Apache Roller’s latest trick: keeping the door open even after you’ve changed the locks! It seems that changing your password is about as effective as changing the channel with a broken remote. Who knew cybersecurity could be such a rollercoaster? Meanwhile, Apache Parquet is trying to win the ‘Most Vulnerable Software of the Year’ award with a flaw that lets hackers play puppet master with your data. Update your systems now unless you want your data to dance to a hacker’s tune!
Key Points:
- Critical vulnerability CVE-2025-24859 impacts Apache Roller, with a CVSS score of 10.0.
- The flaw allows unauthorized access even after a password change, affecting versions up to 6.1.4.
- Apache Roller 6.1.5 fixes the issue with improved session management.
- Apache Parquet’s CVE-2025-30065 also has a CVSS score of 10.0, allowing remote code execution.
- Users are advised to update their software to avoid potential exploits.
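The failure mode behind CVE-2025-24859, shown as an added example rather than Roller’s own code (Roller is Java; this is a self-contained Python sketch, and `SessionStore` and `AccountService` are hypothetical names): the vulnerable handler replaces the credential but leaves every existing session alive, while the fixed handler revokes all of the user’s sessions at the same time, so only a fresh login with the new password is honoured.

```python
import hashlib
import secrets
from collections import defaultdict
class SessionStore:  # per-user index lets revoke_all find every session a user holds
    def __init__(self):
        self.sessions = {}               # token -> username
        self.by_user = defaultdict(set)  # username -> {token, ...}

    def create(self, username):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        self.by_user[username].add(token)
        return token

    def is_valid(self, token):
        return token in self.sessions

    def revoke_all(self, username):
        for token in self.by_user.pop(username, set()):
            self.sessions.pop(token, None)

class AccountService:
    def __init__(self, store):
        self.store = store
        self.creds = {}  # username -> (salt, pbkdf2 hash)

    def set_password(self, username, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.creds[username] = (salt, digest)

    def change_password_vulnerable(self, username, new_password):
        # Credential replaced, but every existing session stays alive (the flaw's pattern).
        self.set_password(username, new_password)

    def change_password_fixed(self, username, new_password):
        # Credential replaced AND all sessions revoked; only the actor gets a fresh one.
        self.set_password(username, new_password)
        self.store.revoke_all(username)
        return self.store.create(username)

def demo():
    store = SessionStore()
    accounts = AccountService(store)
    accounts.set_password("alice", "old-password")
    old_session = store.create("alice")  # constructed: session issued before the change
    accounts.change_password_vulnerable("alice", "new-password")
    survived = store.is_valid(old_session)  # True: the old session still works
    fresh = accounts.change_password_fixed("alice", "newer-password")
    return survived, store.is_valid(old_session), store.is_valid(fresh)
```

In a real deployment the same revocation must also cover remember-me cookies and API tokens tied to the account, not only server-side sessions.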