CVE-2025-12771

CWE-119Buffer OverflowCWE-6674 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 99.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Concert
Timeline
PublishedDec 26

Description

IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/concert1.0.02.2.0
CVEListV5ibm/concert1.0.02.1.0

🔴Vulnerability Details

2
GHSA
GHSA-737v-mrx7-86p3: IBM Concert 12025-12-26
CVEList
IBM Concert Software Improper Restriction of Operations within the Bounds of a Memory Buffer.2025-12-26

📋Vendor Advisories

1
Microsoft
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.2020-05-12
CVE-2025-12771 (HIGH CVSS 7.8) | IBM Concert 1.0.0 through 2.1.0 is | cvebase.io