CVE-2025-27909
published 2025-08-18CVE-2025-27909: IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | concert | >= 1.0.0 < 2.0.0 | 2.0.0 |
| ibm | concert_software | 1.0.0 – 1.1.0 | — |