Hard-coded Credentials Vulnerability in IBM Sterling Connect:Direct for UNIX
CVE-2025-14115

8.4HIGH

Key Information:

Vendor: IBM
Status: Sterling Connect:direct For Unix Container
Vendor: CVE Published:; 20 January 2026

What is CVE-2025-14115?

IBM Sterling Connect:Direct for UNIX contains a vulnerability that involves hard-coded credentials, including passwords and cryptographic keys, utilized for its internal and external communications. This flaw can compromise secure connections and data encryption processes, making the system susceptible to unauthorized access and data leaks. It is crucial for users of affected versions to apply the appropriate security patches to mitigate potential threats.

Affected Version(s)

Sterling Connect:Direct for UNIX Container 6.3.0.0 <= 6.3.0.6 Interim Fix 016

Sterling Connect:Direct for UNIX Container 6.4.0.0 <= 6.4.0.3 Interim Fix 019

References

https://www.ibm.com/support/pages/node/7257143

vendor-advisorypatch

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2026
Vulnerability Reserved
Dec 5, 2025

JSON