Unauthorized Access Vulnerability in Valtimo Business Process Automation Platform
CVE-2025-48881
What is CVE-2025-48881?
The Valtimo Business Process Automation platform contains a significant security flaw that allows unauthorized users to list, view, edit, create, or delete objects within the system. The vulnerability affects versions 11.0.0.RELEASE through 11.3.3.RELEASE and 12.0.0.RELEASE through 12.12.0.RELEASE. If object URLs are exposed via unsecured channels, attackers can gain access to these objects regardless of any existing object-management configurations. Currently, no official patches have been released. Users are advised to implement a temporary workaround by overriding the endpoint security settings, although this may lead to functionality loss.

Affected Version(s)
valtimo-backend-libraries >= 11.0.0.RELEASE, <= 11.3.3.RELEASE
valtimo-backend-libraries >= 12.0.0.RELEASE, < 12.13.0.RELEASE
