
Critical Vulnerability in Apache Roller Allows Unauthorized Access After Password Change
By Pierluigi Paganini. Tags: Breaking News, Security, Apache Roller, hacking news, information security news, IT Information Security, Security News
A critical session management vulnerability (CVE-2025-24859, CVSS 10) in Apache Roller allows an attacker who already holds a valid session to keep that access even after the account's password is changed, because existing sessions are not invalidated by the change. All versions up to and including 6.1.4 are affected; the flaw is fixed in Apache Roller 6.1.5.
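The flaw described above is a general session-management failure mode, so the following added example (not Apache Roller's code, and not from the original article) shows it in a simplified in-memory session store: the weak variant keeps a previously issued session alive after a password change, while the hardened variant stamps each session with the user's password generation and rejects sessions issued under an old credential. All names, users and passwords in it are constructed for illustration.

```python
"""Session invalidation on password change: weak vs hardened (added example)."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    pw_generation: int = 0  # bumped on every password change (hardened mode)


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is fine for a demo; use a memory-hard KDF in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SessionStore:
    """Toy in-memory user/session store (constructed for this example)."""

    def __init__(self, invalidate_on_change: bool):
        self.invalidate_on_change = invalidate_on_change
        self.users: Dict[str, User] = {}
        # session id -> (username, password generation at issue time)
        self.sessions: Dict[str, Tuple[str, int]] = {}

    def add_user(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[name] = User(name, salt, _hash(password, salt))

    def login(self, name: str, password: str) -> Optional[str]:
        user = self.users.get(name)
        if user is None or not hmac.compare_digest(_hash(password, user.salt), user.pw_hash):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (name, user.pw_generation)
        return sid

    def is_valid(self, sid: str) -> bool:
        entry = self.sessions.get(sid)
        if entry is None:
            return False
        name, gen = entry
        user = self.users[name]
        if self.invalidate_on_change and gen != user.pw_generation:
            # Session was issued under a credential that no longer exists: drop it.
            del self.sessions[sid]
            return False
        return True

    def change_password(self, name: str, old: str, new: str) -> bool:
        user = self.users[name]
        if not hmac.compare_digest(_hash(old, user.salt), user.pw_hash):
            return False
        user.salt = os.urandom(16)
        user.pw_hash = _hash(new, user.salt)
        if self.invalidate_on_change:
            # Every session issued before this point now fails the generation check.
            user.pw_generation += 1
        return True


def session_survives_password_change(invalidate_on_change: bool) -> bool:
    """Return True if a session issued before a password change still works after it."""
    store = SessionStore(invalidate_on_change)
    store.add_user("alice", "old-password")          # constructed test user
    sid = store.login("alice", "old-password")       # session obtained before the change
    assert sid is not None and store.is_valid(sid)
    assert store.change_password("alice", "old-password", "new-password")
    assert store.login("alice", "old-password") is None  # old credential is gone
    return store.is_valid(sid)


if __name__ == "__main__":
    print("weak store: old session still valid =", session_survives_password_change(False))
    print("hardened store: old session still valid =", session_survives_password_change(True))
```

In a real application the session that performs the change should be re-issued a fresh id after the generation bump, and the same generation check gives you a single place to hook "log out everywhere" or a forced logout during incident response. Detection-wise, a session that keeps authenticating after the owner's password-change event is exactly the signal to alert on.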