CVE-2025-36149 — UI Misrepresentation / Clickjacking in IBM Concert

Severity

5.4MEDIUMNVD

CNA6.3

EPSS

0.1%

top 82.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 21

Description

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶CVEListV5ibm/ibm_concert_software1.0.0 — 2.0.0

▶NVDibm/concert1.0.0 — 2.1.0

CVEList

IBM Concert Software clickjacking↗2025-11-21

▶

GHSA

GHSA-x7wx-jvcp-69v8: IBM Concert Software 1↗2025-11-21

▶