Local Authentication Impersonation Vulnerability in IBM Concert
CVE-2025-36159

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Concert
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-36159?

The vulnerability in IBM Concert versions 1.0.0 through 2.0.0 allows a local user to manipulate log files, enabling them to impersonate other users or obscure their true identity. This flaw arises from improper handling of output, presenting a risk of unauthorized access and potential misuse of the system. Users are encouraged to apply the necessary patches and maintain awareness of security best practices to mitigate potential threats.

Affected Version(s)

Concert 1.0.0 <= 2.0.0

References

https://www.ibm.com/support/pages/node/7252019

vendor-advisorypatch

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Apr 15, 2025

JSON