CVE-2025-48747: n/a

Medium
Published: Wed May 28 2025 (05/28/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource.

AI-Powered Analysis

Last updated: 07/07/2025, 07:25:37 UTC

Technical Analysis

CVE-2025-48747 is a medium severity vulnerability affecting Netwrix Directory Manager (formerly Imanami GroupID) versions before and including 11.0.0.0 and versions after 11.1.25134.03. The vulnerability is categorized under CWE-732, Incorrect Permission Assignment for a Critical Resource: the software assigns permissions to sensitive resources improperly, potentially allowing users with limited privileges to access or manipulate critical components or data that should be restricted.

The CVSS v3.1 base score is 5.0, which falls in the medium severity band. The vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N shows that the vulnerability is remotely exploitable over the network (AV:N), has low attack complexity (AC:L), and requires low privileges (PR:L) but no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially impacted component. The impact is limited to confidentiality (C:L), with no impact on integrity (I:N) or availability (A:N).

No known exploits are currently reported in the wild, and no patches or vendor advisories are linked yet. The vulnerability could allow an authenticated user with some privileges to gain unauthorized read access to sensitive information or resources that should be protected, potentially leading to information disclosure within an enterprise environment. Because Netwrix Directory Manager is a tool for managing and auditing Active Directory and related directory services, improper permission assignment could expose sensitive directory data or configuration details, which could be leveraged for further attacks or reconnaissance.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to the confidentiality of directory service data managed by Netwrix Directory Manager. Since directory services often contain sensitive user and system information, unauthorized access could lead to exposure of personal data protected under GDPR, resulting in regulatory and reputational consequences. The vulnerability could facilitate insider threats or lateral movement by malicious actors who have limited privileges but can exploit the permission misconfiguration to access critical directory information. This could undermine security monitoring and auditing capabilities, affecting compliance and incident response. Organizations relying on Netwrix Directory Manager for Active Directory management should be aware that this vulnerability could weaken their internal security posture and potentially expose sensitive identity and access management data to unauthorized users.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first verify the exact versions of Netwrix Directory Manager deployed and restrict access to the management interface to trusted administrators only. Implement strict network segmentation and firewall rules to limit exposure of the management console to internal networks. Conduct a thorough review of permission assignments within the Netwrix Directory Manager environment to identify and correct any overly permissive settings. Monitor logs and audit trails for unusual access patterns or privilege escalations. Since no patches are currently linked, organizations should engage with Netwrix support for guidance on interim fixes or workarounds. Additionally, applying the principle of least privilege to all users and service accounts interacting with the directory manager can reduce the risk. Regularly update and harden the underlying operating systems and directory services to minimize the attack surface. Finally, prepare incident response plans to quickly address any potential exploitation attempts.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-05-23T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 683747bb182aa0cae255f97f

Added to database: 5/28/2025, 5:28:27 PM

Last enriched: 7/7/2025, 7:25:37 AM

Last updated: 8/7/2025, 10:22:36 PM
