CVE-2025-33015 — Unrestricted File Upload in IBM Concert

Severity

8.8HIGHNVD

EPSS

0.1%

top 82.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 20

Description

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶NVDibm/concert1.0.0 — 2.2.0

▶CVEListV5ibm/concert1.0.0 — 2.1.0

GHSA

GHSA-gmqg-6pjr-jj57: IBM Concert 1↗2026-01-20

▶

CVEList

Multiple Vulnerabilities in IBM Concert Software↗2026-01-20

▶