Apache released security updates to address a Critical vulnerability in Apache Roller open-source, Java-based blogging server software. An attacker could exploit the vulnerability to retain unauthorized access even after a password change. 

For a complete description of the vulnerabilities and affected systems, go to CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change.

IT Security 

Read more about IT Security service offerings.