CVE-2025-36160

CWE-497 CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.5HIGH

EPSS

0.1%

top 84.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Concert

Timeline

PublishedNov 20

Latest updateNov 21

Description

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/concert1.0.0 — 2.1.0

▶CVEListV5ibm/concert1.0.0 — 2.0.0

🔴Vulnerability Details

GHSA

GHSA-87wg-jf7q-f6g8: IBM Concert 1↗2025-11-21

▶

CVEList

IBM Concert Information Disclosure↗2025-11-20

▶

📋Vendor Advisories

Microsoft

mod_proxy_uwsgi out of bound read↗2021-09-14

▶