CVE-2025-48881

CVE-2025-48881 pertains to the valtimo-backend-libraries component. Vulnerable versions (11.0.0.RELEASE–11.3.3.RELEASE and 12.0.0.RELEASE–12.12.0.RELEASE) allow unauthorised users to list, view, edit, create or delete objects for which an object-management configuration exists; exposure of object...

CVE-2025-48881 Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users

Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If...

valtimo-backend-libraries 安全漏洞

valtimo-backend-libraries is an open source business process automation platform from Valtimo. A security vulnerability exists in valtimo-backend-libraries that originates from an unauthorized user being able to list, view, edit, create, or delete objects...

GHSA-965R-9CG9-G42P Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users

Impact All objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If object-urls are exposed via other channels, the contents of these objects can be viewed independent of object-management configurations. Attack...