From 3154b63951602a71fe331a544a22346358010930 Mon Sep 17 00:00:00 2001
From: CVE Team <cve-request@mitre.org>
Date: Mon, 21 Apr 2025 13:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2025/2xxx/CVE-2025-2582.json   |  4 +--
 2025/2xxx/CVE-2025-2583.json   |  4 +--
 2025/32xxx/CVE-2025-32408.json | 56 ++++++++++++++++++++++++++++++----
 3 files changed, 54 insertions(+), 10 deletions(-)

diff --git a/2025/2xxx/CVE-2025-2582.json b/2025/2xxx/CVE-2025-2582.json
index e84e8aff727..8f491bcf260 100644
--- a/2025/2xxx/CVE-2025-2582.json
+++ b/2025/2xxx/CVE-2025-2582.json
@@ -11,11 +11,11 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure."
+                "value": "** DISPUTED ** A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification."
             },
             {
                 "lang": "deu",
-                "value": "Eine Schwachstelle wurde in SimpleMachines SMF 2.1.4 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei ManageAttachments.php. Dank der Manipulation des Arguments Notice mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+                "value": "** DISPUTED ** Eine Schwachstelle wurde in SimpleMachines SMF 2.1.4 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei ManageAttachments.php. Dank der Manipulation des Arguments Notice mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."
             }
         ]
     },
diff --git a/2025/2xxx/CVE-2025-2583.json b/2025/2xxx/CVE-2025-2583.json
index 160a24311b4..cdb1c99db16 100644
--- a/2025/2xxx/CVE-2025-2583.json
+++ b/2025/2xxx/CVE-2025-2583.json
@@ -11,11 +11,11 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure."
+                "value": "** DISPUTED ** A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification."
             },
             {
                 "lang": "deu",
-                "value": "Es wurde eine Schwachstelle in SimpleMachines SMF 2.1.4 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei ManageNews.php. Dank Manipulation des Arguments subject/message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+                "value": "** DISPUTED ** Es wurde eine Schwachstelle in SimpleMachines SMF 2.1.4 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei ManageNews.php. Dank Manipulation des Arguments subject/message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt."
             }
         ]
     },
diff --git a/2025/32xxx/CVE-2025-32408.json b/2025/32xxx/CVE-2025-32408.json
index 53a4a1509d4..0c6f600aa11 100644
--- a/2025/32xxx/CVE-2025-32408.json
+++ b/2025/32xxx/CVE-2025-32408.json
@@ -1,17 +1,61 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
-        "ID": "CVE-2025-32408",
         "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2025-32408",
+        "STATE": "PUBLIC"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "In Soffid Console 3.5.38 before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://bookstack.soffid.com/books/security-advisories/page/cve-2024-39669",
+                "url": "https://bookstack.soffid.com/books/security-advisories/page/cve-2024-39669"
             }
         ]
     }