IBM Concert Software 1.0.0-2.0.0 Local User Heap Memory Clear Vulnerability
CVE-2025-36083 Published on October 28, 2025

Multiple Vulnerabilities in IBM Concert Software.
IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-36083 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is a Heap Inspection Vulnerability?

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory. When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a "heap inspection" attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.

CVE-2025-36083 has been classified to as a Heap Inspection vulnerability or weakness.


Products Associated with CVE-2025-36083

stack.watch emails you whenever new vulnerabilities are published in IBM Concert or IBM Concert Software. Just hit a watch button to start following.

IBM Concert
 
IBM Concert Software
 

Affected Versions

IBM Concert Software:

Exploit Probability

EPSS
0.02%
Percentile
5.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.