CVE-2025-36158 MEDIUM

CVE-2025-36158: IBM Concert Information Disclosure

Vendor Ibm
Product Concert
Weakness CWE-674
Published November 20, 2025
Last update November 20, 2025

CVSS base score

5.1/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying.

Key dates

02Disclosure timeline

November 20, 2025 CVE published
November 20, 2025 Record updated