CVE-2025-32408: CWE-863 Incorrect Authorization in Soffid IAM
In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.
AI Analysis
Technical Summary
CVE-2025-32408 is an authorization flaw in Soffid IAM Console 3.6.31, with 3.6.32 named as the first unaffected release. It is classified as CWE-863 (Incorrect Authorization): the console does perform an authorization decision for the pam service, but performs it incorrectly, so a caller who should be refused is allowed through. The CVE text does not expand "pam". In Soffid's product line PAM denotes its Privileged Access Management module, not the Unix Pluggable Authentication Modules framework, so the exposed surface is privileged-account functionality reachable through the console rather than host-level login. The practical consequence of a CWE-863 defect on such a service is that an authenticated but lower-privileged console user can invoke operations meant for PAM operators, which is privilege escalation inside the IAM system itself and, through the accounts it manages, potentially on downstream systems. No CVSS vector has been published; the entry carries a medium severity rating and records no known exploitation in the wild. The issue was publicly disclosed on April 21, 2025 (reserved 2025-04-07). Because the description names 3.6.32 as the fixed version, the remediation is the version upgrade; organizations on 3.6.31 should treat the console's PAM functionality as exposed to any authenticated user until they have upgraded.
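The following is an added illustration of the CWE-863 pattern the summary describes, written for this page and not taken from Soffid's code base: a console-style dispatcher that authenticates the caller but keys authorization on a lookup table that silently permits any service without an entry, placed beside a fail-closed version. The service names, roles and permission strings are constructed for the example.

```python
"""CWE-863 (Incorrect Authorization) in a service dispatcher.

Hypothetical code written for this page; it is not Soffid's implementation.
Role names, permission strings and service names are constructed.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a call is refused (authentication or authorization)."""


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset


# Constructed role -> permission mapping.
ROLE_PERMISSIONS = {
    "user": frozenset({"selfservice:read"}),
    "helpdesk": frozenset({"selfservice:read", "user:reset-password"}),
    "pam-admin": frozenset({"selfservice:read", "pam:use", "pam:manage"}),
}

# Service -> permission required to call it. The "pam" entry is absent
# here on purpose: that omission is the defect being illustrated.
REQUIRED_PERMISSION_VULN = {
    "selfservice": "selfservice:read",
    "password-reset": "user:reset-password",
}

# Hardened table: every exposed service names the permission it needs.
REQUIRED_PERMISSION_FIXED = {
    **REQUIRED_PERMISSION_VULN,
    "pam": "pam:use",
}


def permissions_of(principal: Principal) -> frozenset:
    """Flatten a principal's roles into the set of permissions it holds."""
    perms = set()
    for role in principal.roles:
        perms |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(perms)


def dispatch_vulnerable(principal, service: str) -> str:
    """Authenticates, then authorizes with a default-allow lookup.

    An unlisted service (here "pam") is reachable by any authenticated
    caller because `needed` is None and the check is skipped.
    """
    if principal is None:
        raise Forbidden("unauthenticated")
    needed = REQUIRED_PERMISSION_VULN.get(service)
    if needed is not None and needed not in permissions_of(principal):
        raise Forbidden(f"{principal.name} lacks {needed}")
    return f"{service}: ok for {principal.name}"


def dispatch_fixed(principal, service: str) -> str:
    """Fail closed: unknown services are refused, listed ones are checked."""
    if principal is None:
        raise Forbidden("unauthenticated")
    if service not in REQUIRED_PERMISSION_FIXED:
        raise Forbidden(f"no authorization rule for service {service!r}")
    needed = REQUIRED_PERMISSION_FIXED[service]
    if needed not in permissions_of(principal):
        raise Forbidden(f"{principal.name} lacks {needed}")
    return f"{service}: ok for {principal.name}"


def can_call(dispatcher, principal, service: str) -> bool:
    """True if `dispatcher` lets `principal` invoke `service`."""
    try:
        dispatcher(principal, service)
        return True
    except Forbidden:
        return False


HELPDESK = Principal("carol", frozenset({"helpdesk"}))
PAM_ADMIN = Principal("bob", frozenset({"pam-admin"}))

if __name__ == "__main__":
    for who in (HELPDESK, PAM_ADMIN):
        print(who.name, "pam via vulnerable:", can_call(dispatch_vulnerable, who, "pam"))
        print(who.name, "pam via fixed:     ", can_call(dispatch_fixed, who, "pam"))
```

The point to take from the example is the shape of the defect: the check exists and works for the services it knows about, which is why CWE-863 is "incorrect" rather than "missing" authorization (CWE-862), and why a review that only confirms "there is an authorization check on this endpoint" does not rule the class out. The fix makes the permission table the single source of truth and refuses anything it does not list.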
Potential Impact
For European organizations that rely on Soffid IAM as their central identity and access platform, the impact can be significant. Unauthorized use of the PAM service through the console means a low-privileged console user reaching privileged-account functionality: at minimum the operations PAM operators perform, and through those, the systems whose privileged accounts the module manages. Confidentiality is affected if privileged credentials or session access can be obtained, integrity if access policies, account assignments or PAM configuration can be changed, and availability if authentication or session brokering can be disrupted. Because IAM is foundational, a compromise there can cascade into the wider network and bear on obligations under GDPR and sector rules. Heavily regulated sectors such as finance, healthcare and government are most exposed. No exploitation in the wild is recorded, so the threat is currently unconfirmed rather than observed, but the potential damage warrants treating the upgrade as a priority.
Mitigation Recommendations
Organizations running Soffid IAM Console 3.6.31 should upgrade to 3.6.32 or later, which the CVE description names as the fixed release; test the update in a controlled environment first, then verify after deployment that a non-PAM console account can no longer reach the pam service. Until the upgrade is in place, restrict who can authenticate to the console at all, since the flaw is reachable by authenticated users, and use network segmentation so the console is reachable only from trusted administrative networks. Audit console role assignments to remove excessive privileges and to establish a known list of accounts that legitimately use the PAM service. Enable detailed logging of console access and of all PAM-related actions, and alert on any PAM service use by an account outside that list; a successful PAM operation from such an account is the direct signature of this flaw being exercised. Add compensating controls such as multi-factor authentication for console logins, review the PAM module's configuration to minimize what an unauthorized caller could reach, and watch vendor communications for further advisories. Finally, fold the vulnerability into incident response plans so that suspected exploitation can be contained quickly.
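As an added example of the monitoring step above (written for this page; it is not a Soffid tool and the log format is constructed, not Soffid's real audit format), the following parses key=value audit lines and flags every pam service event whose user is not on the audited list of legitimate PAM users, regardless of whether the console reported the action as permitted.

```python
"""Flag pam service use by accounts not on the audited PAM user list.

Added example for this page. SAMPLE_LOG and its key=value layout are
constructed for illustration; they are not Soffid's audit log format.
"""
import re
from collections import Counter

# Constructed sample audit lines (not real Soffid output).
SAMPLE_LOG = """\
2025-04-22T08:01:12Z user=alice service=selfservice action=read result=ok
2025-04-22T08:02:45Z user=bob service=pam action=open-session target=db01 result=ok
2025-04-22T08:03:10Z user=carol service=pam action=list-accounts result=ok
2025-04-22T08:05:30Z user=bob service=pam action=checkout-password target=db01 result=ok
2025-04-22T08:06:02Z user=dave service=password-reset action=reset target=erin result=ok
2025-04-22T08:07:55Z user=carol service=pam action=open-session target=fw-core result=denied
malformed line that should be skipped
"""

# Constructed: the accounts the permissions audit found entitled to PAM.
PAM_AUTHORIZED = frozenset({"bob"})

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>(?:\S+=\S+\s*)+)$")


def parse_line(line: str):
    """Return a dict of fields for one audit line, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(pair.split("=", 1) for pair in m.group("kv").split())
    fields["ts"] = m.group("ts")
    return fields


def find_unauthorized_pam_use(log_text: str, authorized: frozenset) -> list:
    """Every pam service event from a user outside `authorized`.

    Events with result=denied are included too: the console refusing an
    action is still evidence that the account is probing PAM, and a
    result=ok from an unauthorized account is the signature of incorrect
    authorization being exercised.
    """
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or event.get("service") != "pam":
            continue
        if event.get("user") not in authorized:
            findings.append(event)
    return findings


def successful_unauthorized(findings: list) -> list:
    """Subset of findings where the console actually permitted the action."""
    return [f for f in findings if f.get("result") == "ok"]


def per_user_counts(findings: list) -> Counter:
    """How many flagged pam events each user generated."""
    return Counter(f["user"] for f in findings)


if __name__ == "__main__":
    hits = find_unauthorized_pam_use(SAMPLE_LOG, PAM_AUTHORIZED)
    for h in hits:
        print(f"{h['ts']} {h['user']} {h['action']} -> {h['result']}")
    print("successful:", len(successful_unauthorized(hits)))
    print("per user:", dict(per_user_counts(hits)))
```

Run against real console logs, the field names in `parse_line` would need to be mapped to whatever the deployed version actually emits; the logic that matters is the comparison of observed PAM users against the list produced by the permissions audit, which is what turns a generic "log everything" recommendation into an alert that fires on this specific flaw.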
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2025-04-07T00:00:00.000Z
- Cisa Enriched
- true
Threat ID: 682d9847c4522896dcbf5503
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/22/2025, 8:51:09 AM
Last updated: 8/1/2025, 9:33:22 PM