CVE-2025-32408

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.

CVSS v3 2.5 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bookstack.soffid.com/books/security-advisories/page/cve-2025-32408

Configurations

No configuration.

History

21 Apr 2025, 17:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.5~~	v2 : unknown v3 : 2.5
Summary	~~(en) In Soffid Console 3.5.38 before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security.~~	(en) In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.
References	~~{'url': 'https://bookstack.soffid.com/books/security-advisories/page/cve-2024-39669', 'source': 'cve@mitre.org'}~~	() https://bookstack.soffid.com/books/security-advisories/page/cve-2025-32408 -

21 Apr 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-21 13:15

Updated : 2025-04-21 17:15

NVD link : CVE-2025-32408

Mitre link : CVE-2025-32408

CVE.ORG link : CVE-2025-32408

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

2.5 /10