Improper Certificate Validation in IBM Concert Software
CVE-2025-33099

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Concert Software
Vendor: CVE Published:; 1 September 2025

What is CVE-2025-33099?

IBM Concert Software versions 1.0.0 through 1.1.0 are susceptible to a vulnerability that enables remote attackers to execute unauthorized actions. This is due to inadequate certificate validation, which allows attackers to exploit man-in-the-middle techniques. Users of the affected versions should take immediate measures to secure their systems.

Affected Version(s)

Concert Software 1.0.0 <= 1.1.0

References

https://www.ibm.com/support/pages/node/7243699

vendor-advisorypatch

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Apr 15, 2025