CVE-2025-27909 · CRITICAL 9.8 · EPSS p9.6%

Description

IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.20% probability of exploitation · percentile 9.6% · 2026-06-18T12:00:27Z
Published: 2025-08-18
Last modified: 2025-08-21

Underlying weaknesses · 2

CWE-942, CWE-697

References

  1. https://www.ibm.com/support/pages/node/7242354

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Incorrect Comparison (cwe-697) | 0% | live |
| Weakness | Permissive Cross-domain Security Policy with Untrusted Domains (cwe-942) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-33089
CVE-2025-33015
CVE-2025-13915
CVE-2026-49202
CVE-2026-9311
CVE-2025-36361

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.