CVE-2025-36112

5.3 MEDIUM

📋 TL;DR

This vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway allows unauthorized users to access sensitive server IP configuration information. Affected organizations using vulnerable versions could have internal network details exposed to attackers.

💻 Affected Systems

Products:
  • IBM Sterling B2B Integrator
  • IBM Sterling File Gateway
Versions: 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.5, and 6.2.1.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers obtain internal IP configurations enabling network mapping and potential lateral movement within the organization's infrastructure.

🟠 Likely Case: Unauthorized users access server configuration details that could be used for reconnaissance in subsequent attacks.

🟢 If Mitigated: Information exposure limited to non-critical configuration data with minimal operational impact.

🌐 Internet-Facing: MEDIUM - Internet-facing instances could expose internal network information to external attackers.
🏢 Internal Only: LOW - Internal-only deployments reduce exposure but still risk information leakage to internal threat actors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated access suggests simple exploitation, though the specific method is not detailed in the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the IBM-provided interim fixes or upgrade to a version beyond the affected ranges

Vendor Advisory: https://www.ibm.com/support/pages/node/7252197

Restart Required: Yes

Instructions:

1. Review the IBM advisory for the specific interim fixes.
2. Apply the appropriate fix for your version.
3. Restart the affected services.
4. Verify the fix has been applied.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all): Restrict network access to vulnerable systems to authorized users only

Authentication Enforcement (applies to: all): Ensure all access to affected systems requires authentication

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Monitor access logs for unauthorized configuration information requests

🔍 How to Verify

Check if Vulnerable:

Check current version against affected ranges: 6.0.0.0-6.1.2.7 or 6.2.0.0-6.2.0.5 or 6.2.1.1
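A small version-range checker for the affected ranges listed above. This is an added example, not code from IBM or from the advisory; it assumes the product reports a dotted numeric version string (e.g. "6.1.2.7") and treats the ranges as inclusive, which is how the advisory states them.

```python
"""Check whether a Sterling B2B Integrator / File Gateway version falls inside
the ranges the advisory lists as affected by CVE-2025-36112."""

# Inclusive (low, high) ranges copied from the advisory; 6.2.1.1 is a single
# affected version, so it is expressed as a one-element range.
AFFECTED_RANGES = [
    ("6.0.0.0", "6.1.2.7"),
    ("6.2.0.0", "6.2.0.5"),
    ("6.2.1.1", "6.2.1.1"),
]


def parse_version(version: str) -> tuple:
    """Turn '6.1.2.7' into (6, 1, 2, 7); shorter strings are padded with zeros
    so '6.1' compares as 6.1.0.0. Non-numeric input is rejected."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_affected(version: str) -> bool:
    """True if the version lies inside any listed affected range (inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def classify(versions) -> dict:
    """Map each version string to its affected/not-affected verdict."""
    return {ver: is_affected(ver) for ver in versions}


if __name__ == "__main__":
    # Constructed sample versions around each range boundary.
    sample = ["6.0.3.5", "6.1.2.7", "6.1.2.8", "6.2.0.5",
              "6.2.0.6", "6.2.1.0", "6.2.1.1", "6.2.1.2"]
    for ver, hit in classify(sample).items():
        print(f"{ver:10} {'AFFECTED' if hit else 'outside listed ranges'}")
```

A version inside a range only tells you the base release is affected: an interim fix from the advisory can be applied without changing the reported version, so pair this check with the advisory's own fix-verification steps.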

Check Version:

Check product documentation for version query commands specific to your deployment

Verify Fix Applied:

Verify that the version is beyond the affected ranges (or that the IBM interim fix has been applied) and test that configuration information is no longer accessible without authentication

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated requests for configuration or IP information
  • Access patterns suggesting reconnaissance

Network Indicators:

  • Unusual requests to configuration endpoints from unauthorized sources

SIEM Query:

source="sterling*" AND (uri="*config*" OR uri="*ip*" OR uri="*network*") AND auth_status="failed"
