Security Vulnerability Report
中文
CVE-2025-64646 CVSS 6.2 MEDIUM

CVE-2025-64646

Published: 2026-03-25 21:16:26
Last Modified: 2026-03-26 17:51:39
Source: [email protected]

Description

IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

CVSS Details

CVSS Score
6.2
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:* - VULNERABLE
IBM Concert 1.0.0 - 2.2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#include <stdio.h> #include <string.h> // Simulated PoC for CVE-2025-64646 // Demonstrates reading data from a buffer that was not cleared. void vulnerable_process() { char sensitive_data[64]; // Simulate storing sensitive information (e.g. credentials) strcpy(sensitive_data, "SECRET_TOKEN=ABC123"); // ... do some work ... // FLAW: The buffer is not cleared (memset) before being freed or reused. // memset(sensitive_data, 0, sizeof(sensitive_data)); } void exploit_read_memory() { // In a real exploit, this would involve reading the specific memory address // or heap chunk previously used by the vulnerable function. char leaked_buffer[64]; // Assume we can read the memory location where sensitive_data was memcpy(leaked_buffer, (void*)0xHEAP_ADDRESS, sizeof(leaked_buffer)); printf("[+] Leaked Information: %s\n", leaked_buffer); } int main() { vulnerable_process(); exploit_read_memory(); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64646", "sourceIdentifier": "[email protected]", "published": "2026-03-25T21:16:25.647", "lastModified": "2026-03-26T17:51:38.703", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources."}, {"lang": "es", "value": "IBM Concert 1.0.0 hasta 2.2.0 podría permitir a un atacante acceder a información sensible en la memoria debido a que el búfer no libera los recursos correctamente."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-14"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndIncluding": "2.2.0", "matchCriteriaId": "2E37B307-BAA4-487B-958B-7354E39D7B2A"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267105", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.