CVE-2025-36112 Overview
CVE-2025-36112 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. The flaw exposes sensitive server IP configuration information to unauthorized users over the network. The vulnerability maps to [CWE-497]: Exposure of Sensitive System Information to an Unauthorized Control Sphere.
Affected versions include 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.5, and 6.2.1.1. An unauthenticated attacker can query the affected system remotely without user interaction to obtain internal network details. The disclosed information can support reconnaissance for follow-on attacks against internal infrastructure.
Critical Impact
Unauthenticated remote attackers can retrieve internal server IP configuration data, enabling network reconnaissance against B2B file exchange infrastructure.
Affected Products
- IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7
- IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.1
- IBM Sterling File Gateway (same version ranges)
Discovery Timeline
- 2025-11-24 - CVE-2025-36112 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-36112
Vulnerability Analysis
IBM Sterling B2B Integrator and Sterling File Gateway handle managed file transfer and partner integration workflows for enterprises. The affected releases return internal server IP configuration data in responses accessible without authentication. This exposure falls under [CWE-497], where sensitive system information crosses trust boundaries into an unauthorized control sphere.
The disclosed configuration data provides attackers with visibility into internal network topology behind perimeter defenses. Attackers commonly chain such disclosures with authentication attacks, lateral movement planning, or targeted exploitation of internal services. The confidentiality impact is limited but meaningful for environments where internal IP addressing is treated as non-public information.
No public exploit code exists at the time of publication, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The Exploit Prediction Scoring System (EPSS) probability remains low, reflecting limited near-term exploitation likelihood.
Root Cause
The root cause is improper handling of server configuration data in responses to unauthenticated network requests. The application returns internal IP configuration details without applying an access control check appropriate for sensitive infrastructure metadata.
Attack Vector
An attacker sends a network request to an exposed Sterling B2B Integrator or Sterling File Gateway endpoint. No credentials, privileges, or user interaction are required. The server response includes IP configuration information that should remain internal. Attackers use this data to map internal networks and prioritize additional targets. Refer to the IBM Support Page for technical remediation details.
Detection Methods for CVE-2025-36112
Indicators of Compromise
- Unauthenticated HTTP or HTTPS requests to Sterling B2B Integrator or Sterling File Gateway endpoints from untrusted networks
- Responses containing internal IP addresses or interface configuration data returned to external clients
- Reconnaissance patterns targeting Sterling application ports followed by scans against internal IP ranges revealed in responses
Detection Strategies
- Review web server and application logs for anomalous unauthenticated requests to Sterling endpoints from external sources
- Deploy network intrusion detection signatures that flag responses containing RFC1918 addresses returned to external clients
- Correlate access logs against known partner IP ranges to identify requests from non-partner sources
Monitoring Recommendations
- Enable verbose access logging on Sterling B2B Integrator and Sterling File Gateway front-end services
- Forward application and reverse proxy logs to a centralized SIEM for correlation and long-term retention
- Alert on outbound scanning activity from internal hosts whose addresses appeared in prior Sterling responses
How to Mitigate CVE-2025-36112
Immediate Actions Required
- Apply the IBM-provided fix referenced in the IBM Support Page as soon as change windows allow
- Inventory all Sterling B2B Integrator and Sterling File Gateway instances and confirm versions against the affected ranges
- Restrict network exposure of Sterling management and API endpoints to trusted partner networks only
Patch Information
IBM has published remediation guidance for CVE-2025-36112 on the IBM Support Page. Administrators running 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.5, or 6.2.1.1 should upgrade to the fixed release identified by IBM. Validate patch application in staging before production rollout given the criticality of file transfer workflows.
Workarounds
- Place Sterling B2B Integrator and Sterling File Gateway behind a reverse proxy that strips internal address disclosures from responses
- Enforce IP allowlisting on perimeter firewalls to limit access to known trading partner ranges
- Disable or block any unauthenticated diagnostic or status endpoints exposed by the affected components
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

