CVE-2025-13044

Multiple Vulnerabilities in IBM Concert Software

Assigner: ibm
Reserved: 11.11.2025 Published: 07.04.2026 Updated: 07.04.2026

IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS Score: 6.2

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Concert
Versions	affected from 1.0.0 to 2.2.0 (incl.)

Vendor

IBM

Product

Concert

Versions

affected from 1.0.0 to 2.2.0 (incl.)

Workarounds

None

Solutions

IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1 Download IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.

IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1

Download IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.

References

Problem Types

CWE-340 Generation of Predictable Numbers or Identifiers CWE