CVE-2025-64647
Published: 25 March 2026
Summary
CVE-2025-64647 is a medium-severity Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) vulnerability in IBM Concert. Its CVSS base score is 5.9 (Medium).
Operationally, its exploit likelihood ranks at the 1.3 percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-7 (Cryptographic Module Authentication) and SC-13 (Cryptographic Protection).
Deeper analysis
CVE-2025-64647 is a vulnerability in IBM Concert versions 1.0.0 through 2.2.0, where the software uses weaker than expected cryptographic algorithms. This flaw, tagged under CWE-1240, could enable an attacker to decrypt highly sensitive information. The issue received a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2026-03-25.
A remote attacker requires no privileges or user interaction to target systems over the network, but exploitation demands high attack complexity. If successful, the attacker achieves high-impact confidentiality loss by decrypting sensitive data, with no impact on integrity or availability.
IBM provides mitigation details in its security advisory at https://www.ibm.com/support/pages/node/7267105.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209033
Vulnerability details
IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CWE(s): CWE-1240 (Use of a Cryptographic Primitive with a Risky Implementation)
Related Threats
MITRE ATT&CK Enterprise Techniques
Insufficient information to map techniques.
Affected Assets
IBM Concert 1.0.0 through 2.2.0
Mitigating Controls (NIST 800-53 r5)
SC-13 mandates the implementation of organization-defined cryptographic mechanisms compliant with standards, directly preventing the use of weaker cryptographic algorithms that enable decryption of sensitive information.
IA-7 requires authentication of cryptographic modules to ensure only validated modules using strong, compliant algorithms are employed, mitigating the risk of weak cryptography in IBM Concert.
SC-12 enforces cryptographic key establishment and management using approved mechanisms of equivalent strength, addressing aspects of weak algorithms used in decryption processes.