Cross-Site Scripting Vulnerability in IBM Concert Software
CVE-2025-33082

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Concert Software
Vendor: CVE Published:; 1 September 2025

What is CVE-2025-33082?

IBM Concert Software versions 1.0.0 to 1.1.0 are susceptible to cross-site scripting vulnerabilities. This security flaw allows an authenticated user to insert arbitrary JavaScript into the application's Web UI, which can manipulate its intended functionality. Consequently, it may lead to unauthorized exposure of credentials during a trusted session, posing significant risks to user data and system integrity. Organizations using affected versions should prioritize patching this vulnerability to safeguard against exploitation.

Affected Version(s)

Concert Software 1.0.0 <= 1.1.0

References

https://www.ibm.com/support/pages/node/7243699

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Apr 15, 2025

JSON