CVE 8.8 HIGH

Multiple Vulnerabilities in IBM Concert Software_CVE-2025-33015

January 20, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.

AI Analysis

Malicious file upload vulnerability due to lack of content validation

Basic Information

ID CVE-2025-33015

Source ibm

Published Jan 20, 2026 at 15:04

Affected Product

Vendor IBM

Product Concert

Version 1.0.0

Affected Versions IBM Concert 1.0.0

CWE Classification

CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor IBM

Product Concert

Version 1.0.0 through 2.1.0

References

www.ibm.com /support/pages/node/7257006

{
    "lastseen": "",
    "description": "IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.",
    "published": "2026-01-20T15:04:21.300Z",
    "modified": "2026-01-20T15:04:21.300Z",
    "type": "cve",
    "title": "Multiple Vulnerabilities in IBM Concert Software",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7257006",
    "id": "CVE-2025-33015",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "IBM Concert 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Concert",
    "version": "1.0.0",
    "vendor": "IBM",
    "ai_description": "Malicious file upload vulnerability due to lack of content validation",
    "ai_severity": "High",
    "ai_vendor": "IBM",
    "ai_product": "Concert",
    "ai_version": "1.0.0 through 2.1.0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply