Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-36112

CVE-2025-36112: IBM Sterling B2B Integrator Info Leak Flaw

CVE-2025-36112 is an information disclosure vulnerability in IBM Sterling B2B Integrator that exposes sensitive server IP configuration to unauthorized users. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-36112 Overview

CVE-2025-36112 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. The flaw exposes sensitive server IP configuration information to unauthorized users over the network. The vulnerability maps to [CWE-497]: Exposure of Sensitive System Information to an Unauthorized Control Sphere.

Affected versions include 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.5, and 6.2.1.1. An unauthenticated attacker can query the affected system remotely without user interaction to obtain internal network details. The disclosed information can support reconnaissance for follow-on attacks against internal infrastructure.

Critical Impact

Unauthenticated remote attackers can retrieve internal server IP configuration data, enabling network reconnaissance against B2B file exchange infrastructure.

Affected Products

  • IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7
  • IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.1
  • IBM Sterling File Gateway (same version ranges)

Discovery Timeline

  • 2025-11-24 - CVE-2025-36112 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-36112

Vulnerability Analysis

IBM Sterling B2B Integrator and Sterling File Gateway handle managed file transfer and partner integration workflows for enterprises. The affected releases return internal server IP configuration data in responses accessible without authentication. This exposure falls under [CWE-497], where sensitive system information crosses trust boundaries into an unauthorized control sphere.

The disclosed configuration data provides attackers with visibility into internal network topology behind perimeter defenses. Attackers commonly chain such disclosures with authentication attacks, lateral movement planning, or targeted exploitation of internal services. The confidentiality impact is limited but meaningful for environments where internal IP addressing is treated as non-public information.

No public exploit code exists at the time of publication, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The Exploit Prediction Scoring System (EPSS) probability remains low, reflecting limited near-term exploitation likelihood.

Root Cause

The root cause is improper handling of server configuration data in responses to unauthenticated network requests. The application returns internal IP configuration details without applying an access control check appropriate for sensitive infrastructure metadata.

Attack Vector

An attacker sends a network request to an exposed Sterling B2B Integrator or Sterling File Gateway endpoint. No credentials, privileges, or user interaction are required. The server response includes IP configuration information that should remain internal. Attackers use this data to map internal networks and prioritize additional targets. Refer to the IBM Support Page for technical remediation details.

Detection Methods for CVE-2025-36112

Indicators of Compromise

  • Unauthenticated HTTP or HTTPS requests to Sterling B2B Integrator or Sterling File Gateway endpoints from untrusted networks
  • Responses containing internal IP addresses or interface configuration data returned to external clients
  • Reconnaissance patterns targeting Sterling application ports followed by scans against internal IP ranges revealed in responses

Detection Strategies

  • Review web server and application logs for anomalous unauthenticated requests to Sterling endpoints from external sources
  • Deploy network intrusion detection signatures that flag responses containing RFC1918 addresses returned to external clients
  • Correlate access logs against known partner IP ranges to identify requests from non-partner sources

Monitoring Recommendations

  • Enable verbose access logging on Sterling B2B Integrator and Sterling File Gateway front-end services
  • Forward application and reverse proxy logs to a centralized SIEM for correlation and long-term retention
  • Alert on outbound scanning activity from internal hosts whose addresses appeared in prior Sterling responses

How to Mitigate CVE-2025-36112

Immediate Actions Required

  • Apply the IBM-provided fix referenced in the IBM Support Page as soon as change windows allow
  • Inventory all Sterling B2B Integrator and Sterling File Gateway instances and confirm versions against the affected ranges
  • Restrict network exposure of Sterling management and API endpoints to trusted partner networks only

Patch Information

IBM has published remediation guidance for CVE-2025-36112 on the IBM Support Page. Administrators running 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.5, or 6.2.1.1 should upgrade to the fixed release identified by IBM. Validate patch application in staging before production rollout given the criticality of file transfer workflows.

Workarounds

  • Place Sterling B2B Integrator and Sterling File Gateway behind a reverse proxy that strips internal address disclosures from responses
  • Enforce IP allowlisting on perimeter firewalls to limit access to known trading partner ranges
  • Disable or block any unauthenticated diagnostic or status endpoints exposed by the affected components

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.