CVE-2025-9193
BaseFortify
Publication date: 2025-08-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totvs | portal_meu_rh | 12.1.2410.274 |
| totvs | portal_meu_rh | 12.1.17 |
| totvs | portal_meu_rh | 12.1.2506.121 |
| totvs | portal_meu_rh | 12.1.2502.178 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect flaw in the Password Reset Handler component of TOTVS Portal Meu RH versions up to 12.1.17. By manipulating the redirectUrl argument, an attacker can cause the application to redirect users to a malicious external site. This can be exploited remotely and the exploit has been published. The issue is fixed in later versions, and the vendor states that supported releases do not have this behavior.
How can this vulnerability impact me?
The vulnerability can lead to users being redirected to malicious websites, potentially enabling phishing attacks or other social engineering exploits. This can compromise user trust and may lead to further security issues if users are tricked into providing sensitive information.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the affected TOTVS Portal Meu RH component to one of the fixed versions: 12.1.2410.274, 12.1.2502.178, or 12.1.2506.121. This is recommended to address the open redirect vulnerability in the Password Reset Handler component.
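The CWE-601 pattern described above, a password-reset handler that forwards to whatever `redirectUrl` it receives, is fixed by validating the target before redirecting. The following is an added example of such a validator, not TOTVS code and not taken from the advisory; the allowed host, the default landing path and the helper name are assumptions, and the rejected inputs in the comments are the cases a browser would otherwise treat as off-site.

```python
"""Hardened handling of a ``redirectUrl``-style parameter (CWE-601).

Constructed example; not TOTVS Portal Meu RH code. The vulnerable form is
simply ``redirect(request.args["redirectUrl"])`` with no check, so a crafted
reset link can send the user to an external site once the reset completes.
"""
from urllib.parse import urlsplit

# Hosts this deployment may redirect to (assumed; configure per site).
ALLOWED_HOSTS = {"portal.example.internal"}
DEFAULT_TARGET = "/login"  # assumed safe landing page


def safe_redirect_target(redirect_url, allowed_hosts=ALLOWED_HOSTS,
                         default=DEFAULT_TARGET):
    """Return ``redirect_url`` if it stays on-site, otherwise ``default``."""
    if not isinstance(redirect_url, str) or not redirect_url:
        return default
    # Browsers strip leading/trailing C0 controls and spaces and ignore
    # embedded tab/newline, which defeats naive prefix checks: reject them.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in redirect_url):
        return default
    # Browsers treat "\" like "/" for http(s) URLs; urlsplit does not.
    if "\\" in redirect_url:
        return default
    try:
        parts = urlsplit(redirect_url)
    except ValueError:  # e.g. malformed IPv6 literal in the host
        return default
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s) to an explicitly allowed host. Using
        # ``hostname`` (not ``netloc``) also defeats "allowed@evil" userinfo.
        if parts.scheme not in ("http", "https"):
            return default
        if parts.hostname not in allowed_hosts:
            return default
        return redirect_url
    # Relative target: must be a single-slash path. "//host" is scheme-
    # relative, and browsers treat "///host" the same way even though
    # urlsplit reports an empty netloc for it.
    if not redirect_url.startswith("/") or redirect_url.startswith("//"):
        return default
    return redirect_url
```

Anything the function rejects falls back to the fixed default, which is the behaviour a reset handler should have rather than echoing the parameter back in an error page.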