5.4

CVE-2025-67282

EPSS 0.01%
Veröffentlicht 09.01.2026 00:00:00
Zuletzt bearbeitet 22.01.2026 21:32:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tim-solutions ≫ Tim Flow Version < 9.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.013

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes

Release Notes

https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-67282

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-67282

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-67282

EUVD