CVE-2025-36085

5.4 MEDIUM

📋 TL;DR

IBM Concert versions 1.0.0 through 2.0.0 contain a server-side request forgery (SSRF) vulnerability: an authenticated user can make the Concert server issue requests to destinations of the user's choosing. Because the request originates from the server, it reaches whatever the server can reach, so the flaw can be used for internal network scanning, enumeration of internal services, or as a proxy for follow-on attacks. Exploitation requires valid credentials; it is not exposed to unauthenticated users.

💻 Affected Systems

Products:
  • IBM Concert
Versions: 1.0.0 through 2.0.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments running affected versions are vulnerable by default. Requires authenticated access.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains access to internal services, exfiltrates sensitive data, or uses the server as a pivot point for lateral movement within the network.

🟠

Likely Case

Network enumeration revealing internal infrastructure, potential data leakage from internal services accessible to the server.

🟢

If Mitigated

Limited impact due to network segmentation, egress filtering, and proper authentication controls.

🌐 Internet-Facing: MEDIUM - Requires authentication but could expose internal network if exploited.
🏢 Internal Only: MEDIUM - Authenticated internal users could abuse this for reconnaissance or data access.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Requires authenticated access. Exploitation involves crafting malicious requests to trigger SSRF.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: See IBM Security Bulletin 7249356 for the fixed release

Vendor Advisory: https://www.ibm.com/support/pages/node/7249356

Restart Required: No

Instructions:

1. Review the IBM Security Bulletin linked above.
2. Upgrade to the fixed release it names, or apply the fix it specifies.
3. Verify the fix: a request whose URL parameter points at loopback, link-local or RFC 1918 addresses should be rejected rather than fetched.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict outbound network access from IBM Concert servers to only the destinations the product actually needs; deny everything else, including RFC 1918 ranges, loopback and the 169.254.0.0/16 link-local range where cloud metadata services live.

Input Validation (all platforms)

The real fix belongs in the application, so operators can only approximate this at a WAF or reverse proxy in front of Concert: reject requests whose URL-bearing parameters use a scheme other than http/https, carry credentials, or point at loopback, link-local or private addresses, including integer or hex encodings of those addresses.

🧯 If You Can't Patch

  • Implement strict network egress filtering to limit outbound connections from IBM Concert servers.
  • Review which accounts hold Concert access, remove those that no longer need it, and alert on authenticated users driving the server to unusual destinations.

🔍 How to Verify

Check if Vulnerable:

Check IBM Concert version. If running 1.0.0 through 2.0.0, assume vulnerable.

Check Version:

Check application version through administrative interface or configuration files.

Verify Fix Applied:

After patching, submit a request whose URL parameter points at loopback (127.0.0.1), a link-local address (169.254.169.254) or an RFC 1918 address and confirm it is rejected rather than fetched. Check the server's outbound traffic or logs as well as the HTTP response, since a blind SSRF returns nothing to the caller.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP/HTTPS requests from IBM Concert server
  • Requests to internal IP addresses or unusual domains from application logs

Network Indicators:

  • IBM Concert server making unexpected outbound connections to internal services

SIEM Query:

source="ibm_concert" | regex url="://(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.|0\.0\.0\.0|localhost|\[::1\]|\[::ffff:)"

A wildcard such as url="*://172.16.*" matches only 172.16.0.0/16; the private range 172.16.0.0/12 runs through 172.31.255.255, and loopback, link-local (including the 169.254.169.254 metadata endpoint) and IPv6 loopback belong in the same alert. source="ibm_concert" stands for whatever source or sourcetype ingests Concert's application logs in your SIEM.
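The following is an added example, not IBM code and not part of the bulletin. It implements the two checks the Input Validation workaround and this detection section describe: a hardened allowlist validator for URL-bearing parameters (the check a proxy or WAF in front of Concert would need, with the resolver injected so it runs offline), and a log scanner built on the same classifier that catches what a simple wildcard query misses: the whole 172.16.0.0/12 range, loopback, link-local and metadata addresses, IPv4-mapped IPv6, and integer or hex host encodings. The log lines, field names and DNS table are constructed and do not reflect Concert's real log format.

```python
"""Added example: SSRF target screening for an allowlist validator and a log scanner.
Not IBM code; the log format, field names and DNS table below are constructed."""
import ipaddress
import re
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Destinations an application server should never be steered to fetch. 172.16.0.0/12
# covers 172.16 through 172.31; 169.254.0.0/16 holds cloud metadata endpoints.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def parse_host_as_ip(host: str):
    """Literal host -> ip_address, or None for a DNS name. Also decodes encodings
    SSRF payloads use against naive filters: bracketed IPv6, a bare 32-bit
    integer (2130706433) and hex (0x7f000001)."""
    bare = host.strip("[]")
    try:
        return ipaddress.ip_address(bare)
    except ValueError:
        pass
    try:
        n = int(bare, 0)
        if 0 <= n < 2**32:
            return ipaddress.ip_address(n)
    except ValueError:
        pass
    return None


def internal_reason(host: str):
    """Why a host is an internal target, or None if it looks routable (or is a
    DNS name, which must be judged after resolution)."""
    name = host.lower().rstrip(".")
    if name == "localhost" or name.endswith(".localhost"):
        return "localhost name"
    addr = parse_host_as_ip(host)
    if addr is None:
        return None
    if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:127.0.0.1 -> 127.0.0.1
        addr = addr.ipv4_mapped
    for net in BLOCKED_NETS:
        if addr in net:
            return f"{addr} in {net}"
    return None


def validate_outbound_url(url: str, allowed_hosts: set,
                          resolve: Callable[[str], Iterable[str]]):
    """Hardened check for a URL-bearing parameter: scheme allowlist, host allowlist,
    then every resolved address is screened so an allowed name that resolves to an
    internal address is still refused. Returns (ok, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname or ""
    if host not in allowed_hosts:
        return False, f"host {host!r} not in allowlist"
    addrs = list(resolve(host))
    if not addrs:
        return False, f"{host} did not resolve"
    for addr in addrs:
        reason = internal_reason(addr)
        if reason:
            return False, f"{host} resolves to internal target: {reason}"
    return True, "ok"


URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def scan_log(lines: Iterable[str]):
    """Flag log lines whose outbound URL has a literal internal host. DNS names are
    not resolved here; in production pair this with a resolver or DNS logs."""
    hits = []
    for line in lines:
        for url in URL_RE.findall(line):
            reason = internal_reason(urlsplit(url).hostname or "")
            if reason:
                hits.append((line.strip(), reason))
    return hits


# Constructed sample data (not Concert's real log format, not real DNS).
FAKE_DNS = {"api.example.com": ["203.0.113.10"], "rebind.example.com": ["10.0.0.5"]}
SAMPLE_LOG = [
    'user=alice action=fetch url="https://api.example.com/v1/status" status=200',
    'user=bob action=fetch url="http://169.254.169.254/latest/meta-data/" status=200',
    'user=bob action=fetch url="http://172.31.4.9:8500/v1/kv/" status=200',
    'user=bob action=fetch url="http://2130706433/admin" status=403',
    'user=carol action=fetch url="http://[::ffff:127.0.0.1]:9200/_cat/indices" status=200',
]


def fake_resolve(host: str):
    """Stand-in for socket.getaddrinfo so the example runs offline."""
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    return [host] if parse_host_as_ip(host) else []


if __name__ == "__main__":
    for line, why in scan_log(SAMPLE_LOG):
        print(f"FLAG {why}: {line}")
    for u in ("https://api.example.com/v1", "https://rebind.example.com/", "file:///etc/passwd"):
        print(u, validate_outbound_url(u, {"api.example.com", "rebind.example.com"}, fake_resolve))
```

The validator resolves after the allowlist check on purpose: an allowlisted name under attacker influence (or one that is rebound later) can still land on an internal address, so the resolved addresses are screened too. The scanner only judges literal hosts; a name that resolves internally is invisible to it unless you join against DNS or proxy logs.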
