Platform: ibm
Component: ibm-concert
Fixed in: 2.2.1
CVE-2025-13044 affects IBM Concert versions 1.0.0 through 2.2.0. This vulnerability allows a local attacker to overwrite arbitrary files on the system by exploiting the predictable naming of temporary files created by Concert. The vulnerability has been rated as medium severity (CVSS 6.2) and a fix is available in version 2.2.1.
The core of this vulnerability lies in IBM Concert's handling of temporary files. Concert creates these files with predictable names, making it possible for a malicious local user to craft a symbolic link (symlink) that points to a sensitive file. By then manipulating Concert's operations, the attacker can trick it into writing data to the symlink, effectively overwriting the target file. This could lead to privilege escalation, data corruption, or even complete system compromise, depending on the files overwritten. The impact is localized to the system running IBM Concert; there's no remote access component to this vulnerability.
This vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of immediate widespread exploitation. However, the ease of exploitation (requiring only local access and basic symlink manipulation skills) means it could be targeted by attackers with local access to vulnerable systems. The vulnerability was publicly disclosed on 2026-04-07.
Exploit Status
EPSS: 0.01% (0% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade IBM Concert to version 2.2.1 or later, which addresses the predictable filename issue. If upgrading immediately is not feasible, consider implementing stricter file system permissions to limit a local user's ability to create symlinks within Concert's working directory. Additionally, configure your system to disable or restrict the creation of symlinks in sensitive areas. Regularly review file system access controls and audit logs for suspicious activity. After the upgrade, confirm the fix by attempting to trigger the symlink overwrite scenario and verifying that it fails.
Apply the security update from IBM by upgrading Concert to version 2.2.1 or later to mitigate the risk of file overwrites. Review the system configuration to ensure that temporary file permissions are restrictive and that symbolic links cannot be created pointing to critical locations.
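The following is an added example, not IBM's or Concert's code, that demonstrates the general pattern behind this class of bug (a predictable temporary filename written through a plain open() that follows symlinks) beside two hardened alternatives, and packages the post-upgrade check described above as a self-contained test. All file names, the `unsafe_write_predictable`, `safe_write_fixed_name`, `safe_write_tempfile` and `run_scenario` helpers, and the scenario itself are constructed assumptions; everything happens inside a fresh temporary directory owned by the running process, with a constructed `target.txt` standing in for a sensitive file.

```python
import os
import tempfile


def unsafe_write_predictable(tmp_dir, name, data):
    """Vulnerable pattern (hypothetical, constructed for this example):
    a fixed, guessable filename plus a plain open() that follows symlinks.
    If a symlink has been planted at this path, the write lands on the
    link target instead of on a fresh temporary file."""
    path = os.path.join(tmp_dir, name)
    with open(path, "wb") as f:
        f.write(data)
    return path


def safe_write_fixed_name(tmp_dir, name, data):
    """Hardened variant when the name must stay fixed: O_CREAT|O_EXCL fails
    if anything (file or symlink, even a dangling one) already exists at the
    path, and O_NOFOLLOW (where available) refuses to traverse a symlink."""
    path = os.path.join(tmp_dir, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    if hasattr(os, "O_NOFOLLOW"):
        flags |= os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def safe_write_tempfile(tmp_dir, data):
    """Preferred fix: mkstemp chooses an unpredictable name and creates the
    file with O_EXCL and mode 0600, so there is no known path to plant a
    link at and no existing path is ever reused."""
    fd, path = tempfile.mkstemp(dir=tmp_dir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def run_scenario():
    """Constructed check: plant a symlink at the predictable name inside a
    private temp dir and verify which writers clobber the link target."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        target = os.path.join(work, "target.txt")  # stands in for a sensitive file
        original = b"original contents\n"
        with open(target, "wb") as f:
            f.write(original)

        # The planted link at the guessable temp-file name (constructed).
        os.symlink(target, os.path.join(work, "concert.tmp"))

        # 1. Vulnerable writer: the write follows the link and overwrites target.
        unsafe_write_predictable(work, "concert.tmp", b"unexpected contents\n")
        with open(target, "rb") as f:
            results["unsafe_overwrote_target"] = f.read() != original

        with open(target, "wb") as f:  # restore target for the next checks
            f.write(original)

        # 2. Hardened fixed-name writer: O_EXCL/O_NOFOLLOW reject the planted link.
        try:
            safe_write_fixed_name(work, "concert.tmp", b"should not land\n")
            results["safe_fixed_name_refused"] = False
        except OSError:  # FileExistsError (EEXIST) or ELOOP from O_NOFOLLOW
            results["safe_fixed_name_refused"] = True
        with open(target, "rb") as f:
            results["safe_fixed_name_target_intact"] = f.read() == original

        # 3. mkstemp: random name, regular file, target untouched.
        path = safe_write_tempfile(work, b"scratch data\n")
        results["mkstemp_is_regular_file"] = os.path.isfile(path) and not os.path.islink(path)
        with open(target, "rb") as f:
            results["safe_mkstemp_target_intact"] = f.read() == original
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The same shape of check is what the "confirm the fix" step above calls for: run the component's temp-file code path against a pre-planted link in a directory you own and assert that the link target is unchanged; with the vulnerable pattern the first result is True, with either hardened writer the target stays intact.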
CVE-2025-13044 is a medium severity vulnerability in IBM Concert versions 1.0.0–2.2.0 that allows local users to overwrite arbitrary files via a symlink attack due to predictable temporary filenames.
You are affected if you are running IBM Concert versions 1.0.0 through 2.2.0 and have not upgraded to version 2.2.1 or later. Local users on your system could potentially exploit this vulnerability.
Upgrade IBM Concert to version 2.2.1 or later. As a temporary workaround, restrict file system permissions and symlink creation in Concert's working directory.
There are no confirmed reports of active exploitation at this time, but the vulnerability's ease of exploitation means it could be targeted.
Please refer to the official IBM Security Bulletin for details: [https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/dispatch?url=/hw/ss/securityadvisories/ic43616]