CVE-2025-33015

High

Published: 20 January 2026

Published

20 January 2026

Modified

26 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0006 17.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-33015 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Ibm Concert. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1100); ranked at the 17.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1100) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly enforces validation of uploaded file content to block malicious files in the web interface.

SI-2 Flaw Remediation good match

prevent

Remediates the specific file validation flaw through timely patching of IBM Concert as advised.

SI-3 Malicious Code Protection partial match

preventdetect

Scans and blocks malicious code in uploaded files, mitigating exploitation even if validation fails.

MITRE ATT&CK Enterprise TechniquesAI

T1100 Web Shell Persistence

A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to use the Web server as a gateway into a network.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

Unrestricted file upload (CWE-434) on a web interface directly enables deployment of web shells or malicious server components for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.

Deeper analysisAI

CVE-2025-33015 affects IBM Concert versions 1.0.0 through 2.1.0, where the web interface fails to validate the content of uploaded files, enabling malicious file uploads. This vulnerability, associated with CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A remote attacker with no required privileges can exploit this vulnerability over the network with low complexity by tricking a user into uploading a specially crafted malicious file via the web interface. Successful exploitation requires user interaction but can result in high-impact compromise, allowing the attacker to execute arbitrary code, steal data, modify system files, or disrupt services on the affected system.

IBM has published an advisory at https://www.ibm.com/support/pages/node/7257006, which provides details on mitigation steps and available patches for resolving the file validation issue in the web interface. Security practitioners should review this page for version-specific remediation guidance.

Details

CWE(s): CWE-434

Affected Products

ibm

concert

1.0.0 — 2.2.0

CVEs Like This One

CVE-2025-64647Same product: Ibm Concert

CVE-2025-33089Same product: Ibm Concert

CVE-2024-52367Same product: Ibm Concert

CVE-2024-49354Same product: Ibm Concert

CVE-2025-1719Same product: Ibm Concert

CVE-2025-1722Same product: Ibm Concert

CVE-2025-13689Same vendor: Ibm

CVE-2024-25034Same vendor: Ibm

CVE-2024-39752Same vendor: Ibm

CVE-2024-40693Same vendor: Ibm

References

https://www.ibm.com/support/pages/node/7257006
Vendor Advisory · psirt@us.ibm.com