Insecure Credential Storage in IBM Concert Software by IBM
CVE-2025-33100

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Concert Software
Vendor: CVE Published:; 18 August 2025

What is CVE-2025-33100?

IBM Concert Software versions 1.0.0 and 1.1.0 reveal a serious vulnerability due to the presence of hard-coded credentials. These credentials include sensitive information such as passwords or cryptographic keys, which are used for inbound authentication, outbound communication with external services, and the encryption of internal data. This design flaw significantly compromises the software's security, potentially allowing unauthorized access and data breaches.

Affected Version(s)

Concert Software 1.0.0 <= 1.1.0

References

https://www.ibm.com/support/pages/node/7242354

vendor-advisorypatch

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2025
Vulnerability Reserved
Apr 15, 2025