CVE-2025-67278
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tim_solution_gmbh | tim_bpm_suite | * |
| tim_solution_gmbh | tim_flow | to 9.1.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability (CVE-2025-67278) is an Incorrect Access Control flaw in TIM BPM Suite and TIM FLOW software versions before 9.1.2. It allows a remote attacker to escalate privileges from an unauthenticated state to an authenticated service user by sending a specially crafted HTTP request. This unauthorized access can then be used to exploit additional vulnerabilities within the application. [2]
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to gain unauthorized access by escalating privileges without authentication. This means the attacker can act as an authenticated service user, potentially exploiting other vulnerabilities, accessing sensitive data, modifying workflows, and compromising the integrity and confidentiality of the system. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for crafted HTTP requests that attempt to escalate privileges remotely. Since the vulnerability exploits incorrect access control via HTTP requests, inspecting web server logs for unusual or unauthorized HTTP requests targeting TIM BPM Suite or TIM FLOW prior to version 9.1.2 can help identify exploitation attempts. Specific commands are not provided in the resources, but general approaches include using web server log analysis tools or intrusion detection systems to filter for suspicious HTTP requests. Additionally, network traffic capture tools like tcpdump or Wireshark can be used to analyze HTTP traffic for anomalies. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading TIM BPM Suite and TIM FLOW to version 9.1.2 or later, as this version contains fixes for the vulnerability. The vendor has released updates that address this and other related security issues. Additionally, following OWASP guidelines such as the SQL Injection Prevention Cheat Sheet, Authorization Cheat Sheet, and Password Storage Cheat Sheet is recommended to enhance overall security posture. Employing the updated WildFly version 37.0.1 as mandated by the release notes can also help improve security. Blocking suspicious users automatically via the enhanced LDAP Timer feature in the updated versions may provide additional protection. [1, 2]