Symlink Vulnerability in IBM Concert Affects Multiple Versions
CVE-2025-13044

6.2MEDIUM

Key Information:

Vendor

IBM

Status
Vendor
CVE Published:
7 April 2026

What is CVE-2025-13044?

IBM Concert versions 1.0.0 through 2.2.0 have a vulnerability that allows local users to exploit predictable temporary file names. This can lead to unauthorized file overwrites via symlink attacks, posing potential security threats to the integrity of the system and its data. It is crucial for users of affected versions to apply relevant patches to mitigate these risks.

Affected Version(s)

Concert 1.0.0 <= 2.2.0

References

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.