Sensitive Information Exposure in IBM Sterling B2B Integrator and File Gateway
CVE-2025-1348

4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling B2b Integrator
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-1348?

The vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway arises from insufficient caching policies. A local user can exploit this flaw to gain unauthorized access to sensitive information stored in the web browser cache, potentially leading to data breaches or privacy violations. This issue is present in specified versions of both products, marking a significant security risk for organizations relying on these systems.

Affected Version(s)

Sterling B2B Integrator 6.0.0.0 <= 6.1.2.6

Sterling B2B Integrator 6.2.0.0 <= 6.2.0.4

References

https://www.ibm.com/support/pages/node/7237068

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Feb 15, 2025