CVE-2025-13044 - Vulnerability Details - OpenCVE

IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Concert

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7268620

History

Tue, 07 Apr 2026 07:15:00 +0000

Type	Values Removed	Values Added
Description		IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
Title		Multiple Vulnerabilities in IBM Concert Software
First Time appeared		Ibm Ibm concert
Weaknesses		CWE-340
CPEs		cpe:2.3:a:ibm:concert:1.0.0:::::::* cpe:2.3:a:ibm:concert:2.2.0:::::::*
Vendors & Products		Ibm Ibm concert
References		https://www.ibm.com/support/pages/node/7268620
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-04-07T01:07:38.740Z

Updated: 2026-04-07T01:07:38.740Z

Reserved: 2025-11-11T22:42:06.302Z

Link: CVE-2025-13044

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-07T02:16:15.343

Modified: 2026-04-07T02:16:15.343

Link: CVE-2025-13044

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13044", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-11-11T22:42:06.302Z", "datePublished": "2026-04-07T01:07:38.740Z", "dateUpdated": "2026-04-07T01:07:38.740Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-04-07T01:07:38.740Z"}, "title": "Multiple Vulnerabilities in IBM Concert Software", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-340", "description": "CWE-340 Generation of Predictable Numbers or Identifiers", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Concert", "versions": [{"status": "affected", "version": "1.0.0", "lessThanOrEqual": "2.2.0", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:concert:2.2.0:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7268620", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1 Download IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.\n\nIBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1\n\nDownload IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1 Download IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.</p><p>IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.3.1</p><p>Download IBM Concert Software 2.3.1 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.</p>"}]}], "x_generator": {"engine": "ibm-cvegen"}, "workarounds": [{"lang": "en", "value": "None\n\nNone", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>None</p><p>None</p>"}]}]}}}