CVE-2025-36243

5.4 MEDIUM

📋 TL;DR

IBM Concert versions 1.0.0 through 2.1.0 contain a server-side request forgery (SSRF) vulnerability: an authenticated attacker can make the Concert server issue requests to destinations of the attacker's choosing. Because those requests originate from the server, they can reach internal services and cloud metadata endpoints that the attacker cannot reach directly, enabling network scanning, internal service enumeration, or follow-on attacks. Any deployment in the affected version range is exposed.

💻 Affected Systems

Products:
  • IBM Concert
Versions: 1.0.0 through 2.1.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to exploit. All deployments within the affected version range are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains access to internal systems, exfiltrates sensitive data, or uses the server as a pivot point for lateral movement within the network.

🟠

Likely Case

Internal network enumeration, scanning of internal services, or accessing metadata services that could lead to credential exposure.

🟢

If Mitigated

Limited impact due to network segmentation, proper authentication controls, and request filtering.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Once the vulnerable request parameter is known, SSRF is usually straightforward to exploit; this one still requires an authenticated Concert account, so the pool of potential attackers is limited to users (or stolen sessions) with access to the application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.1 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7260162

Restart Required: Yes

Instructions:

1. Review the IBM advisory (https://www.ibm.com/support/pages/node/7260162).
2. Download and install IBM Concert version 2.1.1 or later.
3. Restart the Concert service.
4. Verify the update was successful (confirm the running version is 2.1.1 or later).

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict outbound network access from IBM Concert servers to the destinations it actually needs (its database, directory and other configured integrations) and deny everything else, including the cloud metadata endpoint 169.254.169.254 unless Concert itself requires it.

Input Validation (all platforms)

Implement strict validation on all user-controllable URL parameters and request fields. Because Concert is vendor software, this can only be applied in front of it (at a reverse proxy or WAF); it reduces exposure but does not replace the patch.
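As an added example of what "strict validation" of a user-supplied URL means for an SSRF sink (this is illustrative code, not IBM's, and does not describe how Concert itself handles URLs): the target is accepted only if the scheme is http/https, the host is on an optional allowlist, and every address the host resolves to lies outside loopback, link-local (cloud metadata), RFC 1918 and other non-routable ranges. The resolver is injectable so the example runs offline against a constructed lookup table; the host names and addresses in that table are assumptions.

```python
"""
Added example (not IBM code): SSRF-safe validation of a fetch target.
Rejects non-http(s) schemes, embedded credentials, hosts off the allowlist,
IP literals in decimal/hex disguise, and any host whose resolved addresses
include loopback, link-local (169.254.169.254 metadata), RFC 1918 or other
non-routable ranges. The resolver is injected so this runs offline.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges a server-side fetcher should never be allowed to reach.
DENIED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918
    "100.64.0.0/10",    # carrier-grade NAT
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local, includes 169.254.169.254 metadata
    "172.16.0.0/12",    # RFC 1918
    "192.168.0.0/16",   # RFC 1918
    "::1/128",          # IPv6 loopback
    "fc00::/7",         # IPv6 unique local
    "fe80::/10",        # IPv6 link-local
)]


def resolve_live(host):
    """Every A/AAAA answer for host (used when no resolver is injected)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_denied_ip(ip_text):
    """True if the address is in a denied range; unwraps ::ffff:a.b.c.d first."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in DENIED_NETWORKS)


def literal_ip(host):
    """Parse an IP literal, including decimal/hex forms such as 2130706433 or
    0x7f000001 that system resolvers silently accept as 127.0.0.1."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        n = int(host, 0)
    except ValueError:
        return None
    return ipaddress.ip_address(n) if 0 <= n < 2**32 else None


def check_fetch_target(url, allowed_hosts=None, resolve=resolve_live):
    """Return (ok, detail). On success detail is the list of vetted addresses;
    the caller must connect to one of those (not re-resolve, which defeats
    the check under DNS rebinding) and must re-run this on every redirect."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host {host!r} not on allowlist"
    ip = literal_ip(host)
    if ip is not None:
        addrs = [str(ip)]
    else:
        try:
            addrs = resolve(host)
        except OSError as exc:          # socket.gaierror is an OSError
            return False, f"could not resolve {host!r}: {exc}"
    if not addrs:
        return False, f"{host!r} resolved to no addresses"
    for addr in addrs:
        if is_denied_ip(addr):
            return False, f"{host!r} resolves to denied address {addr}"
    return True, addrs


# Constructed DNS table so the example runs offline; these are not real hosts.
FAKE_DNS = {
    "api.example.com": ["203.0.113.10"],
    "localhost": ["127.0.0.1"],
    "rebind.example.net": ["203.0.113.20", "10.0.0.5"],   # one internal answer
    "metadata.internal": ["169.254.169.254"],
}


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for u in ("https://api.example.com/v1/items", "http://rebind.example.net/",
              "http://[::ffff:169.254.169.254]/", "http://2130706433/"):
        print(u, "->", check_fetch_target(u, resolve=fake_resolve))
```

The allowlist is the strong control; the resolved-address denylist is the fallback for features that must accept arbitrary external URLs, and it only holds if the fetcher connects to the vetted address and re-checks each redirect hop.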

🧯 If You Can't Patch

  • Implement strict network egress filtering to limit outbound connections from IBM Concert servers to known dependencies, and explicitly block the cloud metadata endpoint (169.254.169.254) where Concert does not need it
  • Since exploitation requires authentication, limit Concert accounts to trusted users and enforce strong authentication on them
  • Monitor for unusual outbound network traffic patterns from Concert servers

🔍 How to Verify

Check if Vulnerable:

Check IBM Concert version via administrative interface or configuration files. Versions 1.0.0 through 2.1.0 are vulnerable.

Check Version:

Check application configuration or administrative console for version information

Verify Fix Applied:

Verify the running version is 2.1.1 or later. Then, in a non-production environment, point the user-controllable URL fields at an internal address or at a listener you control on the internal network and confirm that the request is rejected or never arrives.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Concert server
  • Requests to internal IP addresses or metadata services
  • Multiple failed outbound connection attempts

Network Indicators:

  • Unexpected outbound traffic from Concert servers to internal systems
  • Requests to cloud metadata endpoints (169.254.169.254, etc.)
  • Port scanning patterns originating from Concert servers

SIEM Query:

The page's query written as Splunk SPL (assuming a dest_ip field is extracted from the Concert logs; cidrmatch handles the RFC 1918 ranges):

source="ibm-concert-logs"
| where dest_ip="169.254.169.254"
    OR cidrmatch("10.0.0.0/8", dest_ip)
    OR cidrmatch("172.16.0.0/12", dest_ip)
    OR cidrmatch("192.168.0.0/16", dest_ip)
| stats count min(_time) AS first_seen max(_time) AS last_seen BY dest_ip

Concert legitimately talks to its own internal dependencies, so exclude or baseline those addresses before alerting. If the application logs do not record outbound destinations, run the same match over egress firewall or proxy logs with the Concert server as the source.
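The indicators above applied to constructed egress-firewall log lines, as an added example that is not from the IBM advisory or this page's SIEM query. It flags connections from IBM Concert hosts to the cloud metadata endpoint, to internal (RFC 1918 / link-local) destinations that are not known Concert dependencies, and scan-like fan-out (many distinct ports on one internal host, mostly denied). The Concert address, dependency list, log format and threshold are assumptions to adjust to your environment.

```python
"""
Added example (not IBM's code): the page's log and network indicators
applied to constructed egress-firewall records. Rules:
  metadata_access     - any connection to 169.254.169.254
  unexpected_internal - connection to an internal range that is not a
                        known Concert dependency (assumed list below)
  port_scan_pattern   - >= SCAN_PORTS distinct ports on one internal host
"""
import ipaddress
from collections import Counter, defaultdict

CONCERT_HOSTS = {"10.20.0.15"}                                 # assumed Concert server
EXPECTED_DEPS = {("10.20.0.30", 5432), ("10.20.0.31", 636)}    # assumed DB and LDAP
METADATA_IP = ipaddress.ip_address("169.254.169.254")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "169.254.0.0/16", "127.0.0.0/8")]
SCAN_PORTS = 5     # distinct ports on one host before calling it a scan

# Constructed sample in an assumed format: "<ts> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2025-06-01T10:00:01Z 10.20.0.15 10.20.0.30 5432 allow
2025-06-01T10:00:02Z 10.20.0.15 203.0.113.8 443 allow
2025-06-01T10:00:05Z 10.20.0.15 169.254.169.254 80 allow
2025-06-01T10:00:06Z 10.20.0.15 10.20.0.40 22 deny
2025-06-01T10:00:06Z 10.20.0.15 10.20.0.40 80 deny
2025-06-01T10:00:07Z 10.20.0.15 10.20.0.40 443 deny
2025-06-01T10:00:07Z 10.20.0.15 10.20.0.40 3306 deny
2025-06-01T10:00:08Z 10.20.0.15 10.20.0.40 8080 allow
2025-06-01T10:00:09Z 10.20.0.15 10.20.0.40 9200 deny
2025-06-01T10:00:10Z 10.20.0.99 10.20.0.30 5432 allow
"""


def parse_log(text):
    """Yield one dict per non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = line.split()
        yield {"ts": ts, "src": src, "dst": ipaddress.ip_address(dst),
               "port": int(port), "action": action}


def is_internal(ip):
    return any(ip in net for net in INTERNAL)


def analyze(text):
    """Return a list of findings, each a dict with a 'rule' key."""
    findings = []
    ports_by_dst = defaultdict(set)   # (src, dst) -> distinct ports touched
    denies_by_dst = Counter()         # (src, dst) -> denied attempts
    for e in parse_log(text):
        if e["src"] not in CONCERT_HOSTS:
            continue                  # only traffic sourced from Concert
        dst = str(e["dst"])
        if e["dst"] == METADATA_IP:
            findings.append({"rule": "metadata_access", "ts": e["ts"],
                             "src": e["src"], "dst": dst, "port": e["port"]})
        elif is_internal(e["dst"]) and (dst, e["port"]) not in EXPECTED_DEPS:
            findings.append({"rule": "unexpected_internal", "ts": e["ts"],
                             "src": e["src"], "dst": dst, "port": e["port"],
                             "action": e["action"]})
            ports_by_dst[(e["src"], dst)].add(e["port"])
            if e["action"] == "deny":
                denies_by_dst[(e["src"], dst)] += 1
    for (src, dst), ports in ports_by_dst.items():
        if len(ports) >= SCAN_PORTS:
            findings.append({"rule": "port_scan_pattern", "src": src, "dst": dst,
                             "ports": sorted(ports), "denied": denies_by_dst[(src, dst)]})
    return findings


def rule_counts(text):
    """Number of findings per rule, for a quick test or dashboard tile."""
    return dict(Counter(f["rule"] for f in analyze(text)))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

The expected-dependency list is what keeps this from paging on Concert's normal database and directory traffic; the per-connection findings are noisy on their own, so the scan summary is the one to alert on first.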
