IBM Concert Predictable File Naming Allows Local File Overwrite

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.2

IBM Concert Predictable File Naming Allows Local File Overwrite

CVE-2025-13044

Summary

IBM Concert versions 1.0.0 through 2.2.0 creates predictable temporary files that can be exploited by local users to overwrite arbitrary files on the system. This can lead to unauthorized data modification or system compromise. To mitigate this issue, update to a fixed version of IBM Concert or implement additional security measures to restrict access to sensitive areas of the system.

Original title

IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

Original description

IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

nvd CVSS3.1 6.2

Vulnerability type

CWE-340

https://www.ibm.com/support/pages/node/7268620

Published: 7 Apr 2026 · Updated: 7 Apr 2026 · First seen: 7 Apr 2026