TROYANOSYVIRUS
Voltar para CVEs

CVE-2025-67282

MEDIUM
5.4

Descricao

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.

Detalhes CVE

Pontuacao CVSS v3.15.4
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado1/9/2026
Ultima modificacao1/22/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

tim-solutions:tim_flow

Fraquezas (CWE)

CWE-288

Referencias

https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes(cve@mitre.org)
https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.