Open Redirect Vulnerability in TOTVS Portal Meu RH by TOTVS
CVE-2025-9193

5.1 MEDIUM

Key Information:

Vendor: Totvs
CVE Published: 20 August 2025

What is CVE-2025-9193?

A security flaw has been identified in the TOTVS Portal Meu RH, specifically in its Password Reset Handler. This vulnerability can allow attackers to manipulate the redirectUrl parameter, potentially leading to open redirect exploits. As a result, users could be misled to malicious websites without their knowledge. It's crucial for organizations using versions prior to 12.1.17 to upgrade to the latest versions (12.1.2410.274, 12.1.2502.178, or 12.1.2506.121) to eliminate this risk. The vendor has indicated that the current supported releases do not exhibit this behavior, reinforcing the importance of using supported versions.

Affected Version(s)

Portal Meu RH 12.1.0

Portal Meu RH 12.1.1

Portal Meu RH 12.1.2

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published
