TOTVS Portal Meu RH Open Redirect Vulnerability in Password Reset Handler

Vulnerability

An open redirect vulnerability has been identified in TOTVS Portal Meu RH versions through 12.1.17. The issue lies in the Password Reset Handler component, which redirects the browser to whatever destination is supplied in the redirectUrl parameter without validating it, so an attacker who controls that parameter controls where the user ends up after the reset flow. The vulnerability is exploitable remotely, has been publicly disclosed, and a proof-of-concept exploit is available. Because the redirect originates from a trusted portal URL, it lends itself to phishing: users can be sent to a malicious external site that imitates the portal.
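The root cause described above is a redirect target taken from a request parameter without validation. The following is an added example, not TOTVS code, of what a safe check on such a parameter looks like, and of how the same check can be run over access-log lines to spot reset requests whose redirectUrl points off-site. The allow-list hosts, the /api/password/reset path and the log lines are constructed assumptions; only the parameter name redirectUrl comes from the advisory.

```python
"""
Added example (not TOTVS code): validate a redirectUrl parameter before
issuing a redirect, and scan constructed access-log lines for requests whose
redirectUrl would fail that validation. Hosts, paths and log lines are made up.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed allow-list: hosts the portal may legitimately redirect to.
ALLOWED_HOSTS = {"portal.example.com", "hr.example.com"}


def is_safe_redirect(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `url` is a same-site path or an absolute http(s)
    URL whose host is on the allow-list. Everything else is rejected."""
    if not url:
        return False
    # Browsers drop ASCII control characters (tab, newline) from URLs and
    # treat backslashes as slashes, so normalise the same way before parsing;
    # otherwise "/\\evil.example" would look like a local path here but be
    # scheme-relative in the browser.
    url = "".join(ch for ch in url.strip() if ord(ch) >= 0x20).replace("\\", "/")
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme:
        # Reject javascript:, data:, etc.; allow only http/https to a listed host.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return parts.hostname is not None and parts.hostname.lower() in allowed_hosts
    if parts.netloc:
        # Scheme-relative "//evil.example/..." resolves to a foreign origin.
        # Userinfo tricks ("//portal.example.com@evil.example") are covered
        # because `hostname` is the part after the "@".
        return parts.hostname is not None and parts.hostname.lower() in allowed_hosts
    # A relative path: must start with exactly one "/" (not "//").
    return url.startswith("/") and not url.startswith("//")


# Constructed sample log lines (not real traffic) in a common-log-like format.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Aug/2025:00:10:01 +0000] "GET /api/password/reset?token=abc&redirectUrl=%2Fhome HTTP/1.1" 302 0
10.0.0.9 - - [20/Aug/2025:00:10:07 +0000] "GET /api/password/reset?token=def&redirectUrl=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302 0
10.0.0.9 - - [20/Aug/2025:00:10:09 +0000] "GET /api/password/reset?token=ghi&redirectUrl=%2F%2Fevil.example HTTP/1.1" 302 0
10.0.0.7 - - [20/Aug/2025:00:11:00 +0000] "GET /api/password/reset?token=jkl&redirectUrl=https%3A%2F%2Fhr.example.com%2Fdone HTTP/1.1" 302 0
"""

_REQUEST_LINE = re.compile(r'^(\S+) .*"(?:GET|POST) (\S+) HTTP/')


def find_external_redirects(log_text: str, allowed_hosts=ALLOWED_HOSTS):
    """Return (client_ip, redirectUrl) for each logged request whose
    redirectUrl fails is_safe_redirect(). parse_qs percent-decodes values."""
    flagged = []
    for line in log_text.splitlines():
        m = _REQUEST_LINE.match(line)
        if not m:
            continue
        client_ip, target = m.group(1), m.group(2)
        for value in parse_qs(urlsplit(target).query).get("redirectUrl", []):
            if not is_safe_redirect(value, allowed_hosts):
                flagged.append((client_ip, value))
    return flagged


if __name__ == "__main__":
    for ip, dest in find_external_redirects(SAMPLE_LOG):
        print(f"external redirect target from {ip}: {dest}")
```

On the constructed log the scan flags the two requests from 10.0.0.9 (an absolute URL to evil.example and a scheme-relative `//evil.example`) and passes the local path and the allow-listed hr.example.com target. The validator deliberately refuses rather than tries to "clean" suspicious input: a denied redirectUrl should fall back to a fixed post-reset page, which is the cheapest mitigation while the listed fixed versions are rolled out.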

Impact

Exploitation of this vulnerability could be used to conduct phishing attacks: a link that genuinely points at the portal's password reset endpoint would deliver the user to an attacker-chosen website.

Remediation

Users are advised to upgrade to TOTVS Portal Meu RH versions 12.1.2410.274, 12.1.2502.178, or 12.1.2506.121.

Added: Aug 20, 2025, 12:17 AM
Updated: Aug 20, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.