Critical Vulnerability in Apache Roller
16 April 2025
The Apache Software Foundation has released updates addressing a critical vulnerability in Apache Roller. Users and administrators of the affected versions are advised to update to the latest version immediately.
The Apache Software Foundation has released updates addressing a critical vulnerability (CVE-2025-24859) in Apache Roller, an open-source, Java-based blog server. The vulnerability carries a CVSS v4.0 base score of 10.0, the maximum possible.
The flaw is in session management: Apache Roller does not invalidate existing sessions when a user's password is changed. An attacker who already holds a valid session, for example one obtained with previously compromised credentials, therefore keeps access to the application after the password is reset, turning a one-time credential compromise into persistent unauthorised access.
This vulnerability affects all Apache Roller versions prior to 6.1.5.
Users and administrators of the affected versions are advised to update to Apache Roller 6.1.5 or later immediately. Because the flaw lets existing sessions survive a password reset, administrators should also consider terminating all active sessions after upgrading so that any session established with compromised credentials is cut off.
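The following is an added example written for this page to illustrate the flaw class the advisory describes; it is not Apache Roller code and does not model Roller's internals. It builds a minimal in-memory user and session store with two password-change handlers: a vulnerable one that only rotates the credential (the attacker's pre-existing session keeps working), and a hardened one that also revokes the user's other sessions. All users, passwords and tokens are constructed sample data.

```python
"""Session persistence after a password change, the flaw class behind
CVE-2025-24859. Added, generic illustration; NOT Apache Roller code."""
import hashlib
import hmac
import os
import secrets


class SessionStore:
    """Minimal in-memory user and session store (illustrative only)."""

    def __init__(self):
        self.users = {}     # username -> (salt, password_hash)
        self.sessions = {}  # session token -> username

    @staticmethod
    def _hash(password, salt):
        # PBKDF2 parameters are illustrative; real deployments tune them.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, self._hash(password, salt))

    def login(self, name, password):
        """Return a fresh session token on valid credentials, else None."""
        if name not in self.users:
            return None
        salt, stored = self.users[name]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = name
        return token

    def whoami(self, token):
        """Resolve a token to its user, or None if the session is not valid."""
        return self.sessions.get(token)

    def change_password_vulnerable(self, name, new_password):
        """Rotates the credential only. Every existing session stays valid,
        so an attacker holding a session from stolen credentials keeps access."""
        salt, _ = self.users[name]
        self.users[name] = (salt, self._hash(new_password, salt))

    def change_password_fixed(self, name, new_password, keep_token=None):
        """Rotates the credential AND revokes the user's other sessions.
        keep_token optionally preserves the session that made the change."""
        salt, _ = self.users[name]
        self.users[name] = (salt, self._hash(new_password, salt))
        for token, owner in list(self.sessions.items()):
            if owner == name and token != keep_token:
                del self.sessions[token]


def demo_vulnerable():
    """Attacker logs in with compromised creds; victim then resets the password.
    Returns (attacker's old session still valid, old credentials rejected)."""
    store = SessionStore()
    store.add_user("alice", "leaked-pw")  # constructed sample user
    attacker_token = store.login("alice", "leaked-pw")
    store.change_password_vulnerable("alice", "new-strong-pw")
    old_creds_rejected = store.login("alice", "leaked-pw") is None
    return store.whoami(attacker_token) == "alice", old_creds_rejected


def demo_fixed():
    """Same scenario against the hardened handler. Returns (attacker still
    has access, victim's own session kept, old credentials rejected)."""
    store = SessionStore()
    store.add_user("alice", "leaked-pw")  # constructed sample user
    attacker_token = store.login("alice", "leaked-pw")
    victim_token = store.login("alice", "leaked-pw")
    store.change_password_fixed("alice", "new-strong-pw", keep_token=victim_token)
    return (
        store.whoami(attacker_token) == "alice",
        store.whoami(victim_token) == "alice",
        store.login("alice", "leaked-pw") is None,
    )


if __name__ == "__main__":
    print("vulnerable: attacker keeps access =", demo_vulnerable()[0])
    print("fixed:      attacker keeps access =", demo_fixed()[0])
```

Note that in both handlers the old password is rejected at the next login; the difference is only whether sessions that already exist are torn down. Keeping the session that initiated the change (`keep_token`) is a usability choice; the most conservative variant revokes every session, including the changer's own, and forces a fresh login.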
More information is available here:
https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f
https://nvd.nist.gov/vuln/detail/CVE-2025-24859
https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html