CVE-2025-67282

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/TIM FLOW versions through 9.1.2

Description The software contains multiple authorization bypass issues. A user with low privileges can download password hashes belonging to other users, access work items owned by other users, modify restricted content within workflows, alter the application's logo, and manipulate other user profiles.

Recommendations Update to a version later than 9.1.2. At the moment, there is no information about a newer version that contains a fix for this vulnerability.