A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-source, Java-based blogging server software. The flaw is a session management issue that impacts in Apache Roller before version 6.1.5 where … Continue reading Critical Apache Roller flaw allows to retain unauthorized access even after a password change