Medium severity6.2NVD Advisory· Published Apr 7, 2026· Updated Apr 7, 2026

CVE-2025-13044

Description

IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

Affected products

IBM/Concert
cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*
Range: >=1.0.0,<=2.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7268620nvdVendor Advisory

News mentions

ServiceNow strengthens enterprise AI security with Autonomous Security & Risk platform
Help Net Security · May 6, 2026
China-Backed Hackers Are Industrializing Botnets
Dark Reading · Apr 23, 2026
Moving past bots vs. humans
Cloudflare Blog · Apr 21, 2026

cvss	0.403
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000