CVE-2025-67282

Published: Jan 9, 2026Modified: Jan 22, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.

Affected (1)

Products: Tim Solutions: Tim Flow

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tim Solutions Tim Flow	Before 9.1.2

Related CWEs

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes

Source: cve@mitre.org

Release Notes

https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.