Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-12771
PUBLISHED
More InfoOfficial Page
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
View Known Exploited Vulnerability (KEV) details
Published At-26 Dec, 2025 | 13:01
Updated At-30 Dec, 2025 | 04:55
Rejected At-
▼CVE Numbering Authority (CNA)
IBM Concert Software Improper Restriction of Operations within the Bounds of a Memory Buffer.

IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

Affected Products
Vendor
IBM CorporationIBM
Product
Concert
CPEs
  • cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:concert:2.1.0:*:*:*:*:*:*:*
Versions
Affected
  • From 1.0.0 through 2.1.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-119CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-119
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Remediation/Fixes IBM strongly recommends addressing the vulnerabilities now by upgrading to IBM Concert Software 2.2.0 Download IBM Concert Software 2.2.0 from Container software library section of IBM Entitled Registry ( ICR ) and follow installation instructions depending on the type of deployment.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7255549
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7255549
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found