Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

A significant security vulnerability has been disclosed in Apache Roller, the open-source, Java-based blogging server software, that could allow malicious actors to retain unauthorized access even after a password change.
The flaw, tracked as CVE-2025-24859, carries a CVSS score of 10.0, the maximum severity. It affects all versions of Roller up to and including 6.1.4.

