Cross-site Scripting Flaw in IBM Sterling B2B Integrator and File Gateway
CVE-2025-2694

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Sterling B2b Integrator; Sterling File Gateway
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-2694?

The identified flaw in IBM Sterling B2B Integrator and IBM Sterling File Gateway exposes the systems to cross-site scripting (XSS) attacks. By allowing a privileged user to inject arbitrary JavaScript code into the web user interface, the vulnerability can compromise the intended functionality of the application. This can potentially allow attackers to extract sensitive information, including user credentials, during a trusted session, posing a significant security risk to organizations using these products. Users are strongly urged to apply the latest patches to mitigate this threat.

Affected Version(s)

Sterling B2B Integrator 6.0.0.0 <= 6.1.2.7_1

Sterling B2B Integrator 6.2.0.0 <= 6.2.0.4

Sterling File Gateway 6.0.0.0 <= 6.1.2.7_1

References

https://www.ibm.com/support/pages/node/7244023

vendor-advisorypatch

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Mar 23, 2025