Unauthorized Access Vulnerability in Valtimo Business Process Automation Platform
CVE-2025-48881

8.3 HIGH

Key Information:

Vendor:
CVE Published: 30 May 2025

What is CVE-2025-48881?

The Valtimo Business Process Automation platform contains a significant security flaw that allows unauthorized users to list, view, edit, create, or delete objects within the system. The vulnerability is present in multiple versions, specifically 11.0.0.RELEASE through 11.3.3.RELEASE and 12.0.0.RELEASE through 12.12.0.RELEASE. If object URLs are exposed via unsecured channels, attackers can gain access to these objects regardless of any existing object-management configuration. Currently, no official patches have been released, and users are advised to implement a temporary workaround by overriding the endpoint security settings, although this may result in a loss of functionality.

Affected Version(s)

valtimo-backend-libraries >= 11.0.0.RELEASE, <= 11.3.3.RELEASE

valtimo-backend-libraries >= 12.0.0.RELEASE, < 12.13.0.RELEASE

References

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved