diff --git a/api/CHANGELOG.md b/api/CHANGELOG.md
index 1e0d5048bc2..ac452c5c1fa 100644
--- a/api/CHANGELOG.md
+++ b/api/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 All notable changes to the **Prowler API** are documented in this file.
 
+## [1.25.1] (Prowler v5.24.1)
+
+### 🐞 Fixed
+
+- Attack Paths: Missing `tenant_id` filter while getting related findings after scan completes [(#10722)](https://github.com/prowler-cloud/prowler/pull/10722)
+
+---
+
 ## [1.25.0] (Prowler v5.24.0)
 
 ### 🔄 Changed
diff --git a/api/src/backend/tasks/jobs/attack_paths/findings.py b/api/src/backend/tasks/jobs/attack_paths/findings.py
index 56df42bf9d6..8ed5ccf3fca 100644
--- a/api/src/backend/tasks/jobs/attack_paths/findings.py
+++ b/api/src/backend/tasks/jobs/attack_paths/findings.py
@@ -248,7 +248,9 @@ def _fetch_findings_batch(
     with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
         # Use `all_objects` to get `Findings` even on soft-deleted `Providers`
         # But even the provider is already validated as active in this context
-        qs = FindingModel.all_objects.filter(scan_id=scan_id).order_by("id")
+        qs = FindingModel.all_objects.filter(
+            tenant_id=tenant_id, scan_id=scan_id
+        ).order_by("id")
 
         if after_id is not None:
             qs = qs.filter(id__gt=after_id)