{"cve":{"cve_id":"CVE-2023-25196","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01297,"epss_percentile":0.66656,"epss_as_of":"2026-06-23","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract.\nAuthorized users may be able to change or add data in certain components.  \n\nThis issue affects Apache Fineract: from 1.4 through 1.8.2.\n\n","published_at":"2023-03-28T11:16:57.603000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-89"],"nvd_references":["https://lists.apache.org/thread/m9x3vpn3bry4fympkzxnnz4qx0oc0w8m"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:27:25.549714Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-fineract","product_name":"Apache Fineract","version_start":"1.4","version_start_inclusive":true,"version_end":"1.8.2","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-fineract:1.4:1.8.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://lists.apache.org/thread/m9x3vpn3bry4fympkzxnnz4qx0oc0w8m","source_type":"MAILING_LIST","tags":["mailing-list"]}],"timeline":[{"type":"published","at":"2023-03-28T11:16:57.603000Z","label":"CVE published","source":null},{"type":"ssvc_changed","at":"2026-06-29T01:27:25.549714Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:27:25.549714Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:27:25.549714Z","label":"SSVC decision revised","source":"vulnrichment"}]}