Security Vulnerability Report
中文
CVE-2025-36158 CVSS 5.1 MEDIUM

CVE-2025-36158

Published: 2025-11-20 22:15:57
Last Modified: 2025-11-21 19:50:06
Source: [email protected]

Description

IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying.

CVSS Details

CVSS Score
5.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:* - VULNERABLE
IBM Concert 1.0.0
IBM Concert 1.1.0
IBM Concert 1.2.0
IBM Concert 1.3.0
IBM Concert 1.4.0
IBM Concert 1.5.0
IBM Concert 2.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-36158 PoC - IBM Concert Directory Traversal Information Disclosure # Note: This PoC is for educational and security research purposes only import os import sys import subprocess def check_vulnerability(): """ Check if IBM Concert is vulnerable to CVE-2025-36158 This script demonstrates the directory traversal via recursive copying """ print("[*] CVE-2025-36158 IBM Concert Information Disclosure Vulnerability Checker") print("[*] Target: IBM Concert versions 1.0.0 - 2.0.0") # Check if IBM Concert is installed concert_paths = [ "/opt/IBM/Concert", "/usr/local/IBM/Concert", os.path.expanduser("~/.IBM/Concert") ] concert_found = False for path in concert_paths: if os.path.exists(path): print(f"[+] Found IBM Concert installation at: {path}") concert_found = True break if not concert_found: print("[-] IBM Concert installation not found") return False # Check version version_file = os.path.join(concert_paths[0], "version") if concert_found else None if version_file and os.path.exists(version_file): with open(version_file, 'r') as f: version = f.read().strip() print(f"[+] Detected version: {version}") # Check if version is affected major_version = int(version.split('.')[0]) if version.split('.')[0].isdigit() else 0 if major_version >= 1 and major_version <= 2: print("[!] Version is within affected range (1.0.0 - 2.0.0)") print("[!] System may be vulnerable to CVE-2025-36158") return True print("[*] Version check complete") return False def exploit_directory_traversal(target_dir, output_dir): """ Simulate exploitation of directory traversal vulnerability This demonstrates how an attacker could leverage the recursive copy feature """ print(f"[*] Attempting to exploit directory traversal...") print(f"[*] Target directory: {target_dir}") print(f"[*] Output directory: {output_dir}") # This is a simulation - actual exploitation requires specific conditions sensitive_paths = [ "/etc/shadow", "/var/IBM/Concert/config/credentials.json", os.path.expanduser("~/.ssh/") ] for sensitive_path in sensitive_paths: if os.path.exists(sensitive_path): print(f"[!] Found sensitive path: {sensitive_path}") print(f"[!] This path could be accessed via the vulnerability") print("[*] Exploitation simulation complete") if __name__ == "__main__": is_vulnerable = check_vulnerability() if is_vulnerable: print("\n[!] RECOMMENDATION: Apply security patches immediately") print("[!] Reference: https://www.ibm.com/support/pages/node/7252019")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-36158", "sourceIdentifier": "[email protected]", "published": "2025-11-20T22:15:57.153", "lastModified": "2025-11-21T19:50:06.163", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.4, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-674"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "2.1.0", "matchCriteriaId": "43072AC2-05A5-41A3-9E79-E0AF2C5AD3FF"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7252019", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.