CVE-2025-9193: Open Redirect in TOTVS Portal Meu RH
A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. An unknown function of the Password Reset Handler component is affected. Manipulating the redirectUrl argument can lead to an open redirect. The attack may be performed remotely. The exploit has been published and may be used. Upgrading to version 12.1.2410.274, 12.1.2502.178 or 12.1.2506.121 is recommended to address this issue. The vendor explains that "[o]ur internal validation (...) confirms that the reported behavior does not exist in currently supported releases. In these tests, the redirectUrl parameter is ignored, and no malicious redirection occurs." This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
CVE-2025-9193 is an open redirect vulnerability identified in the TOTVS Portal Meu RH product, affecting versions up to 12.1.17. The vulnerability resides in the Password Reset Handler component, where manipulation of the 'redirectUrl' parameter can lead to an open redirect condition: an attacker can craft a URL that appears to belong to the portal but redirects the user to an external site of the attacker's choosing. The vulnerability can be exploited remotely without authentication, although user interaction is required to trigger the redirect. The CVSS 4.0 score is 5.1 (medium severity), reflecting a network attack vector, low attack complexity and no privileges required, with user interaction required. The impact on confidentiality and availability is minimal, but integrity is slightly affected because the redirect can be leveraged for phishing or social engineering. The vendor has stated that this vulnerability affects only unsupported versions of the product and that currently supported releases ignore the 'redirectUrl' parameter, preventing malicious redirection. Upgrading to versions 12.1.2410.274, 12.1.2502.178, or 12.1.2506.121 is recommended to mitigate the issue. No exploitation in the wild is currently known, but proof-of-concept code has been published, increasing the risk of exploitation.
Potential Impact
For European organizations using TOTVS Portal Meu RH versions up to 12.1.17, this vulnerability poses a risk primarily related to phishing and social engineering attacks. An attacker could exploit the open redirect to trick employees into visiting malicious websites, potentially leading to credential theft or malware infection. While the vulnerability does not directly compromise system confidentiality or availability, the indirect consequences could be significant if attackers use the redirect to facilitate further attacks. Organizations in sectors with sensitive HR data or critical infrastructure could face reputational damage and regulatory scrutiny if such attacks succeed. Since the affected versions are no longer supported, organizations still running these versions are at increased risk due to the lack of official patches and support.
Mitigation Recommendations
European organizations should prioritize upgrading TOTVS Portal Meu RH to the latest supported versions (12.1.2410.274, 12.1.2502.178, or 12.1.2506.121) where the vulnerability is addressed. For environments where immediate upgrade is not feasible, implementing web application firewalls (WAF) with rules to detect and block suspicious redirect URL parameters can reduce risk. Additionally, organizations should conduct user awareness training focused on recognizing phishing attempts and suspicious links, especially those involving password reset or HR portals. Monitoring web server logs for unusual redirectUrl parameter usage can help detect exploitation attempts. Finally, organizations should review and restrict access to the Password Reset Handler component to trusted networks or users where possible to limit exposure.
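The two defensive controls above, the same-origin check a password-reset handler should apply to redirectUrl and a scan over access-log lines that flags values failing that check, as an added example that is not TOTVS code; the endpoint path, host names and log lines are constructed assumptions, since the page does not give them.

```python
"""Added example (not TOTVS code): allow-list validation of a redirectUrl value and a
log scan that flags reset requests failing it. Path, hosts and log lines are constructed."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

ALLOWED_HOSTS = {"hr.example.internal"}   # assumption: the portal's own host(s)
RESET_PATH = "/password-reset"           # assumption: handler path is not on the page
# Common Log Format: ip ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3}')

def is_safe_redirect(value: str) -> bool:
    """True only for a relative path or an absolute http(s) URL on an allowed host."""
    v = value.strip()
    while "%" in v and unquote(v) != v:   # fully decode so %2F%2Fhost cannot slip through
        v = unquote(v)
    if any(c in v for c in "\\\r\n\t\x00"):  # backslash and control chars: browsers normalise them
        return False
    try:
        p = urlsplit(v)
    except ValueError:                     # e.g. malformed IPv6 literal in the host part
        return False
    if p.scheme or p.netloc:               # absolute or protocol-relative (//host) target
        return p.scheme in ("http", "https") and p.hostname in ALLOWED_HOSTS
    return v.startswith("/") and not v.startswith("//")

def scan_access_log(lines):
    """Return (client ip, redirectUrl) for reset requests whose redirectUrl fails the check."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if path != RESET_PATH:
            continue
        for value in parse_qs(query).get("redirectUrl", []):   # parse_qs percent-decodes once
            if not is_safe_redirect(value):
                hits.append((m.group("ip"), value))
    return hits

SAMPLE_LOG = [  # constructed access-log lines
    '10.0.0.5 - - [01/Sep/2025:09:00:01 +0000] "GET /password-reset?redirectUrl=%2Fhome HTTP/1.1" 302 0',
    '10.0.0.6 - - [01/Sep/2025:09:00:12 +0000] "GET /password-reset?redirectUrl=https%3A%2F%2Fhr.example.internal%2Flogin HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Sep/2025:09:01:30 +0000] "GET /password-reset?redirectUrl=https%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.8 - - [01/Sep/2025:09:02:11 +0000] "GET /password-reset?redirectUrl=%2F%2Fphish.example HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Sep/2025:09:02:40 +0000] "GET /login HTTP/1.1" 200 1234',
]
```

Running `scan_access_log(SAMPLE_LOG)` returns only the two entries whose target is an external host, including the protocol-relative form that naive "starts with /" checks let through.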
Affected Countries
Portugal, Spain, Italy, Germany, France, United Kingdom, Netherlands, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-19T17:13:21.967Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68a5142bad5a09ad00fc988d
Added to database: 8/20/2025, 12:17:47 AM
Last enriched: 8/20/2025, 12:32:50 AM
Last updated: 8/20/2025, 3:45:58 AM