Plattform
ibm
Komponente
ibm-concert
Behoben in
2.2.1
CVE-2025-13044 affects IBM Concert versions 1.0.0 through 2.2.0. The vulnerability arises from the creation of temporary files with predictable names, enabling a local attacker to leverage a symlink attack to overwrite arbitrary files. This poses a risk to data integrity and system stability, and upgrading to a patched version is crucial.
The impact of CVE-2025-13044 is primarily data corruption and potential system instability. A local attacker can create a symbolic link pointing to a sensitive file, then trick the application into writing to the temporary file. Because the temporary file name is predictable, the attacker can manipulate the symlink to overwrite the target file. This could lead to the modification or deletion of critical configuration files, application binaries, or user data. The blast radius is limited to the local system, but the consequences can be severe if the overwritten files are essential for system operation. This vulnerability highlights the importance of secure temporary file handling.
CVE-2025-13044 was published on 2026-04-07 with a CVSS score of 6.2 (MEDIUM). It is a local privilege escalation vulnerability. The likelihood of exploitation is considered medium, as it requires local access to the system. No known public proof-of-concept (POC) code has been released, but the vulnerability is relatively straightforward to exploit. Check IBM's security bulletins for further details and advisories.
Systems administrators managing IBM Concert deployments are at risk. Specifically, environments with weak file system permissions or where local user accounts have excessive privileges are particularly vulnerable. Shared hosting environments running IBM Concert are also at increased risk due to the potential for cross-tenant exploitation.
• linux / server:
find /opt/ibm/concert/tmp -type l -print # Check for symlinks in Concert's temporary directory
journalctl -u ibm-concert | grep -i 'temporary file'disclosure
Exploit-Status
EPSS
0.01% (0% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-13044 is to upgrade IBM Concert to version 2.2.1 or later, which addresses the predictable temporary file naming issue. If immediate upgrade is not possible, restrict access to the temporary file directory. Implement strict file permissions to prevent unauthorized users from creating symbolic links within the directory. Consider using a more secure temporary file naming scheme that incorporates random or unpredictable elements. Regularly monitor system logs for suspicious file activity, particularly the creation or modification of files in the temporary directory. After upgrade, confirm by attempting to create a symlink to a sensitive file and verifying that the application does not allow overwriting.
Aplique la actualización de seguridad proporcionada por IBM Concert a la versión 2.2.1 o superior para mitigar el riesgo de sobrescritura de archivos. Revise la configuración del sistema para asegurar que los permisos de los archivos temporales sean restrictivos y que no se puedan crear enlaces simbólicos que apunten a ubicaciones críticas.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-13044 is a medium severity vulnerability in IBM Concert versions 1.0.0–2.2.0 that allows local users to overwrite arbitrary files via a symlink attack due to predictable temporary filenames.
You are affected if you are running IBM Concert versions 1.0.0 through 2.2.0 and have not upgraded to version 2.2.1 or later. Local users on your system could potentially exploit this vulnerability.
Upgrade IBM Concert to version 2.2.1 or later. As a temporary workaround, restrict file system permissions and symlink creation in the Concert's working directory.
There are no confirmed reports of active exploitation at this time, but the vulnerability's ease of exploitation means it could be targeted.
Please refer to the official IBM Security Bulletin for details: [https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/dispatch?url=/hw/ss/securityadvisories/ic43616]
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.