Browse all 4 CVE security advisories affecting valtimo-platform. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The valtimo-platform serves as a digital case management system for government organizations, handling sensitive citizen data and workflow automation. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The platform's Java-based architecture and integration with external systems have created attack surfaces for unauthorized access and data breaches. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in authentication mechanisms and input validation processes indicates ongoing security challenges that require rigorous patch management and secure coding practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34164 | Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService — valtimoCWE-532 | 4.9 | Medium | 2026-04-16 |
| CVE-2025-58059 | Valtimo scripting engine can be used to gain access to sensitive data or resources — valtimo-backend-librariesCWE-78 | 9.1 | Critical | 2025-08-28 |
| CVE-2025-48881 | Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users — valtimo-backend-librariesCWE-863 | 8.3 | High | 2025-05-30 |
| CVE-2024-34706 | @valtimo/components exposes access token to form.io — valtimo-frontend-librariesCWE-532 | 9.8 | Critical | 2024-05-13 |
This page lists every published CVE security advisory associated with valtimo-platform. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.