logo_clicknbuy.png

CVE-2025-9193 – TOTVS Portal Meu RH Open Redirect Vulnerability

The following table lists the changes that have been made to the
CVE-2025-9193 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Aug. 20, 2025

    Action Type Old Value New Value
    Added Tag unsupported-when-assigned
    Added Description A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and may be used. Upgrading to version 12.1.2410.274, 12.1.2502.178 and 12.1.2506.121 is recommended to address this issue. It is recommended to upgrade the affected component. The vendor explains, that “[o]ur internal validation (…) confirms that the reported behavior does not exist in currently supported releases. In these tests, the redirectUrl parameter is ignored, and no malicious redirection occurs.” This vulnerability only affects products that are no longer supported by the maintainer.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
    Added CVSS V2 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
    Added CWE CWE-601
    Added Reference https://drive.google.com/file/d/1iorjSJ8gh3hTDZUy1fHyV-TJXFP43yIo/view?usp=sharing
    Added Reference https://vuldb.com/?ctiid.320579
    Added Reference https://vuldb.com/?id.320579
    Added Reference https://vuldb.com/?submit.636360
Share the Post:

Related Posts