PT-2025-17433 · Unknown · Soffid Console

Published: 2025-04-21 · Updated: 2025-04-21 · CVE-2025-32408

CVSS v3.1: 2.5 (Low)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Soffid Console versions 3.5.38 through 3.5.38
Soffid Console versions 3.6.31 through 3.6.31

Description

The issue is related to the mishandling of authorization to use the pam service in Soffid Console. Additionally, necessary checks were not applied to some Java objects, which could allow a malicious agent to execute arbitrary code in the Sync Server and compromise security.

Recommendations

For Soffid Console version 3.5.38, update to version 3.5.39 to resolve the issue.
For Soffid Console version 3.6.31, update to version 3.6.32 to resolve the issue.

Fix

RCE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-32408

Affected Products

Soffid Console