PT-2026-1876 · Unknown+1 · Tim Bpm Suite+1

Published

2026-01-09

Updated

2026-01-09

CVE-2025-67280

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2

Description The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data.

Recommendations Versions prior to 9.1.2 are affected.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-564

Related Identifiers

CVE-2025-67280

Affected Products

Tim Bpm Suite

Tim Flow

PT-2026-1876 · Unknown+1 · Tim Bpm Suite+1

CVE-2025-67280

Weakness Enumeration

Related Identifiers

Affected Products

References · 7