CVE-2025-36085 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-36085

Analyzed

More Info Official Page

Source-psirt@us.ibm.com

Published At-28 Oct, 2025 | 15:16

Updated At-31 Oct, 2025 | 18:55

IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CPE Matches

IBM Corporation

>>concert>>Versions from 1.0.0(inclusive) to 2.1.0(exclusive)

cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>-

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-918	Primary	psirt@us.ibm.com

CWE ID: CWE-918

Type: Primary

Source: psirt@us.ibm.com

References

Hyperlink	Source	Resource
https://www.ibm.com/support/pages/node/7249356	psirt@us.ibm.com	Vendor Advisory

Hyperlink: https://www.ibm.com/support/pages/node/7249356

Source: psirt@us.ibm.com

Resource:

Vendor Advisory