Sensitive Directory Information Disclosure in IBM Sterling File Gateway
CVE-2025-2827

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-2827?

The IBM Sterling File Gateway contains a vulnerability that allows authenticated users to access sensitive installation directory information. This exposure can potentially be exploited in subsequent attacks against the system, compromising security and integrity. It is crucial for users of affected versions, including 6.0.0.0 to 6.1.2.6 and 6.2.0.0 to 6.2.0.4, to be aware of this issue and take necessary precautions.

Affected Version(s)

Sterling File Gateway 6.0.0.0 <= 6.1.2.6

Sterling File Gateway 6.2.0.0 <= 6.2.0.4

References

https://www.ibm.com/support/pages/node/7239094

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Mar 26, 2025