CVE-2025-33081: Multiple Vulnerabilities in IBM Concert Software.
Published Jan 21, 2026
·Updated
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.
Affected Software
3 affected components
IBM Concert Software<=1.0.0-2.1.0
All of the following
IBM Concert>=1.0.0<2.2.0
Linux Linux kernel
Remediation
Information
IBM strongly recommends addressing the vulnerability now by upgrading to IBM Concert Software 2.2.0
Download IBM Concert Software 2.2.0 from Container software library section of IBM Entitled Registry ( ICR https://myibm.ibm.com/products-services/containerlibrary ) and follow installation instructions https://www.ibm.com/docs/en/concert depending on the type of deployment.
Event History
Jan 21, 2026
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Feb 3, 2026
CVE Published
via MITRE·10:14 PM
Data Sourced
via MITRE·10:14 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·11:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-33081?
CVE-2025-33081 has been assessed with a moderate severity level due to the potential exposure of sensitive information.
2
How do I fix CVE-2025-33081?
To remediate CVE-2025-33081, ensure that log files do not store sensitive information or implement appropriate access controls to restrict access to log files.
3
What versions of IBM Concert Software are affected by CVE-2025-33081?
IBM Concert Software versions 1.0.0 through 2.1.0 are affected by CVE-2025-33081.
4
What type of information is at risk in CVE-2025-33081?
CVE-2025-33081 risks exposing potentially sensitive information stored in log files.
5
Who can access the sensitive information in CVE-2025-33081?
Local users with access to the system can read the potentially sensitive information exposed by CVE-2025-33081.