CVE-2025-33102: IBM Concert Software information disclosure
Published Sep 1, 2025
·Updated
IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Affected Software
3 affected components
IBM Concert Software>=1.0.0<=1.1.0
IBM Concert Software<=1.0.0-1.1.0
IBM Concert>=1.0.0<2.0.0
Remediation
Information
IBM strongly recommends addressing these vulnerabilities now by upgrading to IBM Concert Software 2.0.0
Download IBM Concert Software 2.0.0 from Container software library section of IBM Entitled Registry ( ICR https://myibm.ibm.com/products-services/containerlibrary ) and follow installation instructions https://www.ibm.com/docs/en/concert depending on the type of deployment.
Event History
Sep 1, 2025
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
CVE Published
via MITRE·02:18 PM
Data Sourced
via MITRE·02:18 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·03:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-33102?
The severity of CVE-2025-33102 is considered high due to the potential for sensitive information decryption.
2
How do I fix CVE-2025-33102?
To resolve CVE-2025-33102, update IBM Concert Software to version 1.1.1 or later where stronger cryptographic algorithms are implemented.
3
What versions of IBM Concert Software are affected by CVE-2025-33102?
IBM Concert Software versions 1.0.0 through 1.1.0 are affected by CVE-2025-33102.
4
What type of attack is associated with CVE-2025-33102?
CVE-2025-33102 is associated with cryptographic attacks that may allow for sensitive information decryption.
5
Can CVE-2025-33102 be exploited remotely?
CVE-2025-33102 can potentially be exploited remotely if attackers gain access to the encryption keys.