Cross-Origin Resource Sharing Vulnerability in IBM Concert Software
CVE-2025-27909

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Concert Software
Vendor: CVE Published:; 18 August 2025

What is CVE-2025-27909?

IBM Concert Software versions 1.0.0 through 1.1.0 contains a vulnerability related to cross-origin resource sharing (CORS). This security issue may allow an attacker to perform actions with elevated privileges due to insufficient restrictions on trusted domains. The failure to validate the domain name can lead to unauthorized access, highlighting the importance of implementing robust security measures to mitigate this risk. Users are advised to apply available patches to secure their installations.

Affected Version(s)

Concert Software 1.0.0 <= 1.1.0

References

https://www.ibm.com/support/pages/node/7242354

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2025
Vulnerability Reserved
Mar 10, 2025