Vulnerability in Valtimo Business Process Automation Platform Affects Data Security
CVE-2025-58059
What is CVE-2025-58059?
Valtimo Business Process Automation platform versions before 12.16.0.RELEASE, and versions from 13.0.0.RELEASE up to but not including 13.1.2.RELEASE, contain a vulnerability. Authorized administrators who can create and execute process definitions may exploit it to gain unauthorized access to sensitive data and resources, including executing commands on the host application and extracting critical information from application properties and the host environment. Exploitation requires an attacker who is already logged in as an admin and who knows how to execute scripts via the Camunda/Operator engine. Upgrading to version 12.16.0 or 13.1.2 is essential to remove this risk. Deployments that do not need scripting capabilities can disable scripting in ProcessEngineConfiguration as a workaround, though doing so may cause unforeseen issues.
Affected Version(s)
Package                    Affected range                        Fixed in
valtimo-backend-libraries  < 12.16.0.RELEASE                     12.16.0.RELEASE
valtimo-backend-libraries  >= 13.0.0.RELEASE, < 13.1.2.RELEASE   13.1.2.RELEASE
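The two affected ranges above are easy to misread because the 12.x range has no lower bound while the 13.x range does. The following added example (not Valtimo project code) encodes exactly the ranges the advisory lists and checks a dependency inventory against them, returning the fixed version to upgrade to for each hit. The inventory format (one "artifact version" per line) and its contents are constructed for this example; the version-parsing rule (MAJOR.MINOR.PATCH with an optional qualifier such as RELEASE) is an assumption drawn from the version strings on this page.

```python
import re
from typing import List, Optional, Tuple

# Affected ranges exactly as the advisory lists them: (introduced, fixed_in).
# None as "introduced" means every earlier version is in range.
AFFECTED_RANGES: List[Tuple[Optional[str], str]] = [
    (None, "12.16.0.RELEASE"),
    ("13.0.0.RELEASE", "13.1.2.RELEASE"),
]

# Assumption: Valtimo versions look like MAJOR.MINOR.PATCH with an optional
# qualifier such as ".RELEASE"; the qualifier does not affect ordering here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z0-9]+))?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return the numeric (major, minor, patch) triple; the qualifier is ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def remediation_for(version: str) -> Optional[str]:
    """Return the fixed version the advisory names for an affected version,
    or None if the version lies outside both affected ranges."""
    v = parse_version(version)
    for introduced, fixed_in in AFFECTED_RANGES:
        above_floor = introduced is None or parse_version(introduced) <= v
        if above_floor and v < parse_version(fixed_in):
            return fixed_in
    return None


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    return remediation_for(version) is not None


# Constructed sample inventory (not real project output): one "artifact version"
# per line, as a flattened dependency report or SBOM export might produce.
SAMPLE_INVENTORY = """\
valtimo-backend-libraries 12.15.2.RELEASE
valtimo-backend-libraries 13.1.0.RELEASE
valtimo-backend-libraries 13.1.2.RELEASE
some-other-library 4.2.0
"""


def scan_inventory(text: str) -> List[Tuple[str, str]]:
    """Return (version, fixed_in) pairs for every valtimo-backend-libraries
    line whose version is inside an affected range."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] != "valtimo-backend-libraries":
            continue
        fixed_in = remediation_for(parts[1])
        if fixed_in is not None:
            findings.append((parts[1], fixed_in))
    return findings


if __name__ == "__main__":
    for version, fixed_in in scan_inventory(SAMPLE_INVENTORY):
        print(f"{version} is affected by CVE-2025-58059; upgrade to {fixed_in}")
```

Run it directly to see the two affected entries in the constructed inventory reported with their upgrade targets; versions at or above the fixed releases, and 13.x versions that are not below 13.1.2, produce no finding.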