Privilege Escalation Vulnerability in IBM Concert Product
CVE-2025-64645

7.7HIGH

Key Information:

Vendor: IBM
Status: Concert
Vendor: CVE Published:; 26 December 2025

What is CVE-2025-64645?

IBM Concert versions 1.0.0 through 2.1.0 are susceptible to a local user exploitation scenario that arises from a race condition involving symbolic links. This vulnerability could potentially allow unauthorized users to escalate their privileges within the system, leading to unauthorized access and control.

Affected Version(s)

Concert 1.0.0 <= 2.1.0

References

https://www.ibm.com/support/pages/node/7255549

vendor-advisorypatch

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Nov 6, 2025

JSON