IBM Concert 1.0-2.1.0 Heap Memory Info Leak via MITM
CVE-2025-33101 Published on February 17, 2026
Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.
Vulnerability Analysis
CVE-2025-33101 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a Heap Inspection Vulnerability?
Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory. When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a "heap inspection" attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.
CVE-2025-33101 has been classified to as a Heap Inspection vulnerability or weakness.
Products Associated with CVE-2025-33101
Want to know whenever a new CVE is published for IBM Concert? stack.watch will email you.
Affected Versions
IBM Concert:- Version 1.0.0, <= 2.1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.