CVE-2025-67278
BaseFortify

Publication date: 2026-01-09

Last updated on: 2026-01-09

Assigner: MITRE

Description
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request.
Meta Information
Published: 2026-01-09
Last Modified: 2026-01-09
Generated: 2026-06-16
AI Q&A: 2026-01-10
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (2 associated CPEs)
Vendor              Product         Version / Range
tim_solution_gmbh   tim_bpm_suite   * (all versions)
tim_solution_gmbh   tim_flow        up to 9.1.2 (9.1.2 excluded)
CWE ID    Description
CWE-266   Incorrect Privilege Assignment: a product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Executive Summary

This vulnerability (CVE-2025-67278) is an Incorrect Access Control flaw in TIM BPM Suite and TIM FLOW software versions before 9.1.2. It allows a remote attacker to escalate privileges from an unauthenticated state to an authenticated service user by sending a specially crafted HTTP request. This unauthorized access can then be used to exploit additional vulnerabilities within the application. [2]

Impact Analysis

The vulnerability can allow a remote attacker to gain unauthorized access by escalating privileges without authentication. This means the attacker can act as an authenticated service user, potentially exploiting other vulnerabilities, accessing sensitive data, modifying workflows, and compromising the integrity and confidentiality of the system. [2]

Detection Guidance

Detecting exploitation attempts means watching for crafted HTTP requests that try to escalate privileges remotely. Because the flaw is an access-control error reachable over HTTP, review web server logs for unusual or unauthorized requests against TIM BPM Suite or TIM FLOW installations older than 9.1.2. The referenced resources provide no specific commands; in general, web server log analysis tools or an intrusion detection system can filter for suspicious HTTP requests, and network capture tools such as tcpdump or Wireshark can be used to inspect HTTP traffic for anomalies. [2]

Mitigation Strategies

The immediate mitigation is to upgrade TIM BPM Suite and TIM FLOW to version 9.1.2 or later, which contains the fix for this vulnerability; the vendor's updates also address other related security issues. Following OWASP guidance such as the SQL Injection Prevention, Authorization, and Password Storage Cheat Sheets is recommended to strengthen the overall security posture. Deploying the updated WildFly version 37.0.1 required by the release notes also improves security, and the enhanced LDAP Timer feature in the updated versions can automatically block suspicious users for additional protection. [1, 2]
