PT-2025-33890 · Totvs · Totvs Portal Meu Rh
Eduardo Schwarz +1 · Published 2025-08-20 · Updated 2025-08-20
CVE-2025-9193
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
TOTVS Portal Meu RH versions up to 12.1.17
Description:
A flaw has been identified in the Password Reset Handler component that may allow for an open redirect. Manipulation of the redirectUrl argument can lead to a redirect to an arbitrary URL. The attack can be performed remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Recommendations:
Upgrade to version 12.1.2410.274.
Upgrade to version 12.1.2502.178.
Upgrade to version 12.1.2506.121.
Exploit
Fix
Open Redirect
Affected Products
Totvs Portal Meu Rh