CVE-2025-1349 is a stored cross-site scripting (XSS) vulnerability affecting IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing a privileged user to inject arbitrary JavaScript code into the web user interface. Because the injected script is stored and executed within the context of the trusted web application, it can alter the intended functionality of the interface. This can lead to the disclosure of sensitive information such as user credentials within an active session. The vulnerability requires a privileged user account to exploit, and no user interaction is needed beyond the privileged user’s actions. The CVSS v3.1 base score is 5.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), scope changed (S:C), and low impact on confidentiality and integrity (C:L, I:L), with no impact on availability (A:N). No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability affects critical B2B integration platforms widely used for secure data exchange and business process automation, making it a significant concern for organizations relying on these IBM products for their supply chain and partner communications.

For European organizations, the impact of this vulnerability can be significant due to the widespread use of IBM Sterling B2B Integrator in industries such as manufacturing, logistics, retail, and finance, which are heavily integrated across European supply chains. Exploitation could allow a privileged insider or compromised privileged account to inject malicious scripts that steal session tokens or credentials, potentially leading to unauthorized access to sensitive business data and partner communications. This could disrupt automated business processes, cause data leakage, and undermine trust between trading partners. Given the scope change in the CVSS vector, the vulnerability could affect multiple components or services within the environment, amplifying the risk. Although exploitation requires privileged access, the potential for lateral movement and escalation within the network elevates the threat. Additionally, the lack of user interaction needed means automated or scripted attacks by insiders or attackers with elevated access could be feasible. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits after disclosure. The vulnerability could also have regulatory implications under GDPR if personal or sensitive data is exposed through compromised sessions.

1. Restrict privileged user accounts strictly to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of account compromise. 2. Implement rigorous input validation and output encoding on all user-supplied data within the IBM Sterling B2B Integrator interface, even if patches are not yet available, by applying web application firewall (WAF) rules tailored to detect and block malicious script payloads targeting the affected endpoints. 3. Monitor privileged user activities closely through enhanced logging and anomaly detection to identify any unusual injection attempts or unauthorized changes to web UI elements. 4. Segment the network to isolate the IBM Sterling B2B Integrator environment from less trusted networks and limit lateral movement opportunities. 5. Regularly review and update access controls to ensure the principle of least privilege is enforced. 6. Stay alert for IBM security advisories and apply patches or updates promptly once released. 7. Conduct security awareness training for privileged users emphasizing the risks of XSS and safe handling of web interfaces. 8. Consider deploying Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the web UI. 9. Perform periodic security assessments and penetration testing focusing on web interface vulnerabilities to detect similar issues proactively.