Unrated severityNVD Advisory· Published Jan 9, 2026· Updated Jan 9, 2026

CVE-2025-67281

Description

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content.

Affected products

TIM/TIM FLOWllm-create
Range: <=9.1.2
Polymita Technologies/Bpm Suitellm-fuzzy
Range: <=9.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notesmitre
www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000