CVE-2025-36018

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 96.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Concert
Timeline
PublishedFeb 17

Description

IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/concert1.0.02.2.0
CVEListV5ibm/concert1.0.02.1.0

🔴Vulnerability Details

2
CVEList
Multiple Vulnerabilities in IBM Concert Software.2026-02-17
GHSA
GHSA-vw2m-h749-pv59: IBM Concert 12026-02-17
CVE-2025-36018 (MEDIUM CVSS 6.5) | IBM Concert 1.0.0 through 2.1.0 for | cvebase.io