Close Menu
World Forbes – Business, Tech, AI & Global Insights
  • Home
  • AI
  • Billionaires
  • Business
  • Cybersecurity
  • Education
    • Innovation
  • Money
  • Small Business
  • Sports
  • Trump
What's Hot

BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software

May 19, 2025

Measure targeting pro-Palestine NGOs disappears from US tax bill | Politics News

May 19, 2025

Printer Company Procolored Served Infected Software for Months

May 19, 2025
Facebook X (Twitter) Instagram
Trending
  • BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software
  • Measure targeting pro-Palestine NGOs disappears from US tax bill | Politics News
  • Printer Company Procolored Served Infected Software for Months
  • Trump to sign bill criminalizing revenge porn and explicit deepfakes
  • Devs can now tap Microsoft Edge to power AI web apps
  • NLWeb is Microsoft’s project to bring more chatbots to web pages
  • NLWeb is Microsoft’s project to bring more chatbots to web pages
  • Microsoft wants to tap AI to accelerate scientific discovery
World Forbes – Business, Tech, AI & Global InsightsWorld Forbes – Business, Tech, AI & Global Insights
Monday, May 19
  • Home
  • AI
  • Billionaires
  • Business
  • Cybersecurity
  • Education
    • Innovation
  • Money
  • Small Business
  • Sports
  • Trump
World Forbes – Business, Tech, AI & Global Insights
Home » Critical Vulnerability Found in Apache Roller Blog Server
Cybersecurity

Critical Vulnerability Found in Apache Roller Blog Server

adminBy adminApril 16, 2025No Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email
Post Views: 30


A critical vulnerability in Apache Roller could allow attackers to abuse previous sessions to maintain persistent access even after password changes.

An open source, Java-based blog server, Roller includes a content management system, multi-user support with three permission levels, integrated search, and support for templates and themes.

Last week, Apache warned that Roller version 6.1.5 was released with patches for a critical-severity bug in the software’s session management functionality that resulted in active user sessions not being properly invalidated.

Tracked as CVE-2025-24859 (CVSS score of 10/10), the issue resulted in existing sessions remaining active even after the users changed their passwords. These sessions, Apache warned, could be used to maintain persistent access to the server.

“This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised,” Apache explains.

All Roller versions up to and including 6.1.4 are affected by the security defect. Roller version 6.1.5 comes with a centralized session management improvement to properly invalidate all active sessions upon password changes or when a user account is disabled.

According to the release notes, the latest Roller iteration implements RollerLoginSessionManager for better session tracking and improves cache handling for user sessions.

This is the second critical-severity vulnerability with a maximum severity rating that Apache has resolved over the past two weeks, after patching CVE-2025-30065 in Apache Parquet.

Advertisement. Scroll to continue reading.

Described as the deserialization of untrusted data in the parquet-avro module, the Parquet bug could be exploited remotely for arbitrary code execution, potentially leading to complete system takeover.

Related: Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum

Related: CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days

Related: Vulnerabilities Patched by Ivanti, VMware, Zoom

Related: Exploitation of Recent Critical Apache Struts 2 Flaw Begins



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
admin
  • Website

Related Posts

BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software

May 19, 2025

Printer Company Procolored Served Infected Software for Months

May 19, 2025

UK Legal Aid Agency Finds Data Breach Following Cyberattack

May 19, 2025

480,000 Catholic Health Patients Impacted by Serviceaide Data Leak

May 19, 2025

Spiking Neural Networks: Brain-Inspired Chips That Could Keep Your Data Safe

May 19, 2025

200,000 Harbin Clinic Patients Impacted by NRS Data Breach

May 19, 2025
Add A Comment
Leave A Reply Cancel Reply

Don't Miss
Billionaires

Here’s How Much Selena Gomez-Actress, Singer, Entrepreneur-Is Worth

May 13, 2025

Contrary to reports of her 10-figure status, Forbes estimates the Disney star turned business mogul’s…

Looking Back At Trump’s Years-Long Obsession With Oversized Airplanes

May 13, 2025

Selena Gomez’s Mental Health Startup Wondermind Lays Off Nearly Two-Thirds Of Its Employees

May 13, 2025

Billionaires And CEOs Are Seeking Personal Security At Record Rates

May 9, 2025
Our Picks

BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software

May 19, 2025

Measure targeting pro-Palestine NGOs disappears from US tax bill | Politics News

May 19, 2025

Printer Company Procolored Served Infected Software for Months

May 19, 2025

Trump to sign bill criminalizing revenge porn and explicit deepfakes

May 19, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

About Us
About Us

Welcome to World-Forbes.com
At World-Forbes.com, we bring you the latest insights, trends, and analysis across various industries, empowering our readers with valuable knowledge. Our platform is dedicated to covering a wide range of topics, including sports, small business, business, technology, AI, cybersecurity, and lifestyle.

Our Picks

Trump to sign bill criminalizing revenge porn and explicit deepfakes

May 19, 2025

NLWeb is Microsoft’s project to bring more chatbots to web pages

May 19, 2025

Devs can now tap Microsoft Edge to power AI web apps

May 19, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

Facebook X (Twitter) Instagram Pinterest
  • Home
  • About Us
  • Advertise With Us
  • Contact Us
  • DMCA Policy
  • Privacy Policy
  • Terms & Conditions
© 2025 world-forbes. Designed by world-forbes.

Type above and press Enter to search. Press Esc to cancel.