CVE-2025-32408

21.04.2025, 13:15

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.

Enginsight

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 2.5 LOW | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
| mitre | CNA | 2.5 LOW | | | | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
| CISA-ADP | ADP | - | - | - | - | - |

EPSS Score

Percentile: 3%

Common Weakness Enumeration

CWE-863 - Incorrect Authorization

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://bookstack.soffid.com/books/security-advisories/page/cve-2025-32408