CVE-2025-33015
published 2026-01-20CVE-2025-33015: IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | concert | >= 1.0.0 < 2.2.0 | 2.2.0 |
| ibm | concert | 1.0.0 – 2.1.0 | — |