PT-2026-1875 · Unknown+1 · Tim Bpm Suite+1
Published
2026-01-09
·
Updated
2026-01-09
·
CVE-2025-67279
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TIM BPM Suite & TIM FLOW versions prior to 9.1.2
Description
The application stores password hashes in MD5 format, which allows a remote attacker to escalate privileges.
Recommendations
Update to version 9.1.2 or later.
Fix
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tim Bpm Suite
Tim Flow