Server-Side Request Forgery in IBM Concert Software
CVE-2025-36085

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Concert
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-36085?

IBM Concert Software versions 1.0.0 through 2.0.0 are susceptible to a server-side request forgery (SSRF). This vulnerability allows an authenticated attacker to exploit the system to send unauthorized requests. As a result, it could potentially enable network enumeration or assist in executing further attacks, undermining the security of the environment.

Affected Version(s)

Concert 1.0.0 <= 2.0.0

References

https://www.ibm.com/support/pages/node/7249356

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Apr 15, 2025

JSON