CVE-2025-67282
Unknown
Unknown - Not Provided
BaseFortify
Vulnerability report for CVE-2025-67282, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: MITRE
Description
Description
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workflows, modify the applications logo and manipulate the profile of other user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tim_solutions_gmbh | tim_bpm_suite | 9.1.2 |
| tim_solutions_gmbh | tim_bpm_suite | to 9.1.2 (exc) |
| tim_solutions_gmbh | tim_flow | 9.1.2 |
| tim_solutions_gmbh | tim_flow | to 9.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |