CVE-2025-67281

5.4 MEDIUM

📋 TL;DR

Multiple SQL injection vulnerabilities in TIM BPM Suite/TIM FLOW allow authenticated users (both low-privileged and administrative) to execute arbitrary SQL commands and read database content. This affects organizations running these workflow automation platforms at any version up to and including 9.1.2.

💻 Affected Systems

Products:
  • TIM BPM Suite
  • TIM FLOW
Versions: through 9.1.2
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access (low-privileged or admin users)

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could exfiltrate sensitive business data, modify or delete database records, or potentially achieve remote code execution through database functions.

🟠 Likely Case

Data theft of business process information, user credentials, or other sensitive data stored in the application database.

🟢 If Mitigated

Limited to data access within the application's database scope if proper input validation and parameterized queries are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection typically has low exploitation complexity, but these vulnerabilities require an authenticated account.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 9.1.2

Vendor Advisory: https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes

Restart Required: Yes

Instructions:

1. Check the current TIM BPM Suite/TIM FLOW version.
2. Upgrade to a version after 9.1.2.
3. Restart application services.
4. Verify the fix by testing the SQL injection vectors.

🔧 Temporary Workarounds

Input Validation WAF Rules
Scope: all

Implement web application firewall rules to block SQL injection patterns

Database Permission Reduction
Scope: all

Restrict database user permissions to the minimum required for application functionality

🧯 If You Can't Patch

  • Implement network segmentation to isolate TIM systems from sensitive databases
  • Enable detailed SQL query logging and monitoring for injection attempts

🔍 How to Verify

Check if Vulnerable:

Check application version in admin interface or configuration files. If version is 9.1.2 or earlier, system is vulnerable.
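The version test above is easy to get wrong with a plain string comparison ("9.1.10" sorts before "9.1.2" as text). The following is an added example, not code from the advisory or the vendor: it parses a version string numerically and applies the advisory's rule that 9.1.2 and earlier are affected. The input formats it accepts (a bare "9.1.2" or a product banner such as "TIM FLOW 9.1.2-build42") are assumptions, since the page does not describe how the admin panel or configuration files present the version.

```python
import re

# Last affected version stated in the advisory ("through 9.1.2").
LAST_AFFECTED = (9, 1, 2)


def parse_version(text: str) -> tuple:
    """Extract the first dotted numeric version from a string.

    Accepts '9.1.2' or a banner like 'TIM FLOW 9.1.2-build42' (formats
    assumed for this example). Returns a tuple of ints for safe comparison.
    """
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable_version(text: str) -> bool:
    """True if the version is 9.1.2 or earlier (the advisory's affected range)."""
    found = parse_version(text)
    # Pad the shorter tuple with zeros so (9, 1) compares as 9.1.0.
    width = max(len(found), len(LAST_AFFECTED))
    found = found + (0,) * (width - len(found))
    last = LAST_AFFECTED + (0,) * (width - len(LAST_AFFECTED))
    return found <= last


if __name__ == "__main__":
    for banner in ("9.1.2", "TIM FLOW 9.1.10", "8.9", "9.1.3"):
        state = "VULNERABLE" if is_vulnerable_version(banner) else "fixed"
        print(f"{banner:20s} -> {state}")
```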

Check Version:

Check application admin panel or configuration files for version information

Verify Fix Applied:

After upgrade, test SQL injection vectors that were previously exploitable to confirm they are now blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts followed by SQL errors
  • Requests containing SQL keywords like UNION, SELECT, INSERT

Network Indicators:

  • Unusual database connection patterns from application servers
  • Large data transfers from database to unexpected destinations

SIEM Query:

source="database_logs" AND ("sql injection" OR "syntax error" OR "union select")
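The indicators and SIEM query above can be turned into a small offline check. This is an added example, not part of the advisory or of any TIM product: it scans constructed request-log and database-log lines for the listed signals, flagging a "UNION ... SELECT" sequence in decoded request parameters as high severity, a bare SQL keyword only when it appears together with quote or comment characters (so ordinary text such as "select the best vendor" is not flagged), and a database syntax error that follows repeated authentication failures within a short window. The log line formats, field order and the 60-second window are assumptions made for the example; adapt the regular expressions to the real application and database log formats.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed request-log lines (assumed format: ts src user "METHOD path").
SAMPLE_WEB_LOG = [
    '2025-01-10T09:00:01Z 10.0.0.5 alice "GET /tim/process/list?name=Invoice+Approval"',
    '2025-01-10T09:00:07Z 10.0.0.9 bob "GET /tim/process/list?name=x%27+UNION+SELECT+1%2C2--"',
    '2025-01-10T09:00:09Z 10.0.0.5 alice "GET /tim/search?q=select+the+best+vendor"',
]

# Constructed database-log lines (assumed format: ts LEVEL message).
SAMPLE_DB_LOG = [
    "2025-01-10T09:00:05Z WARN  authentication failed for user bob",
    "2025-01-10T09:00:06Z WARN  authentication failed for user bob",
    '2025-01-10T09:00:07Z ERROR syntax error at or near "UNION"',
    "2025-01-10T09:05:00Z INFO  checkpoint complete",
]

WEB_RE = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) (?P<user>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)"')
DB_RE = re.compile(r"^(?P<ts>\S+) (?P<level>[A-Z]+)\s+(?P<msg>.*)$")
UNION_SELECT_RE = re.compile(r"\bUNION\b(?:\s+ALL)?\s+SELECT\b", re.I)
KEYWORD_RE = re.compile(r"\b(?:UNION|SELECT|INSERT)\b", re.I)
META_RE = re.compile(r"['\";]|--")  # quote, statement separator or comment


def _ts(raw: str) -> datetime:
    # fromisoformat() on older Pythons rejects a trailing 'Z'; normalise it.
    return datetime.fromisoformat(raw.replace("Z", "+00:00"))


def decode_query(path: str) -> str:
    """Return the URL-decoded query string; decode twice so a single layer
    of double-encoding cannot hide keywords from the keyword regexes."""
    query = path.partition("?")[2]
    return unquote_plus(unquote_plus(query))


def scan_web_log(lines):
    """Flag requests whose decoded parameters carry SQL keyword patterns."""
    findings = []
    for line in lines:
        m = WEB_RE.match(line)
        if not m:
            continue
        query = decode_query(m["path"])
        if UNION_SELECT_RE.search(query):
            severity = "high"
        elif KEYWORD_RE.search(query) and META_RE.search(query):
            severity = "medium"
        else:
            continue  # keyword in plain text without quotes/comments: ignore
        findings.append({"severity": severity, "src": m["src"],
                         "user": m["user"], "query": query})
    return findings


def scan_db_log(lines, window=timedelta(seconds=60), min_failures=2):
    """Flag a SQL syntax error preceded by repeated auth failures in `window`."""
    failures, findings = [], []
    for line in lines:
        m = DB_RE.match(line)
        if not m:
            continue
        ts, msg = _ts(m["ts"]), m["msg"]
        if "authentication failed" in msg:
            failures.append(ts)
        elif "syntax error" in msg.lower():
            recent = [t for t in failures if timedelta(0) <= ts - t <= window]
            if len(recent) >= min_failures:
                findings.append({"severity": "medium", "at": m["ts"],
                                 "failures": len(recent), "msg": msg})
    return findings


if __name__ == "__main__":
    for hit in scan_web_log(SAMPLE_WEB_LOG) + scan_db_log(SAMPLE_DB_LOG):
        print(hit)
```

Feeding the two samples through the scanner yields one high-severity request finding (bob's request, decoded) and one database finding (the syntax error following two failed authentications), while alice's ordinary search containing the word "select" is not reported.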
