CVE-2025-36002: CWE-260 Password in Configuration File in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.
AI Analysis
Technical Summary
CVE-2025-36002 identifies a vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.5 and 6.2.1.0, where user credentials are stored insecurely in configuration files. This vulnerability is categorized under CWE-260 (Password in Configuration File) and CWE-256 (Plaintext Storage of a Password). The core issue is that these configuration files contain sensitive authentication information that can be read by any local user with file system access, potentially exposing passwords in plaintext or weakly protected form. The CVSS v3.1 score is 5.5 (medium severity), reflecting that exploitation requires local access with low privileges (AV:L, PR:L), no user interaction (UI:N), and impacts confidentiality (C:H) but not integrity or availability. The vulnerability does not require elevated privileges beyond local user access, making it a concern in environments where local user accounts are shared or poorly controlled, or where attackers have gained a foothold through other means. No public exploits have been reported, but the exposure of credentials could facilitate lateral movement or privilege escalation within affected networks. The vulnerability affects critical B2B integration platforms used for secure data exchange and file transfers, which are integral to many enterprise supply chains and partner communications. The lack of available patches at the time of publication necessitates immediate compensating controls to limit local file access and monitor for suspicious activity.
Potential Impact
For European organizations, this vulnerability poses a significant confidentiality risk. Exposure of user credentials stored in configuration files could allow attackers or unauthorized local users to access sensitive B2B communication channels, potentially leading to data leakage or unauthorized data manipulation through compromised accounts. While the vulnerability does not directly affect system integrity or availability, the compromise of credentials can enable further attacks such as lateral movement, privilege escalation, or unauthorized access to partner systems. Industries relying heavily on IBM Sterling products for supply chain management, financial transactions, or regulated data exchange—such as manufacturing, finance, and logistics—may face operational disruptions and compliance risks if credential compromise leads to data breaches. Given the local access requirement, the vulnerability is especially impactful in environments with weak endpoint security, insufficient user account segregation, or inadequate monitoring of internal threats. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop techniques to leverage this vulnerability. European organizations must consider the potential for insider threats or attackers who have already gained limited access to escalate their privileges or move laterally within networks.
Mitigation Recommendations
To mitigate CVE-2025-36002, organizations should first restrict access permissions on configuration files storing credentials to the minimum necessary users and service accounts, ensuring that only trusted administrators and system processes can read these files. Implement strict local user account management policies, including removing unnecessary local accounts and enforcing strong authentication and authorization controls. Employ endpoint detection and response (EDR) solutions to monitor for suspicious local file access or privilege escalation attempts. Where possible, isolate systems running IBM Sterling products in segmented network zones with limited user access. Regularly audit file system permissions and review logs for unauthorized access attempts. IBM should be contacted for patches or configuration updates that eliminate plaintext credential storage or encrypt sensitive configuration data. Until patches are available, consider using application-level encryption or vault solutions to store credentials securely outside of configuration files. Additionally, implement multi-factor authentication (MFA) for administrative access to reduce the risk of credential misuse. Finally, conduct user awareness training to highlight the risks of local credential exposure and enforce policies against unauthorized local access.
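As an added example that is not part of this advisory or of IBM's product, the following audit implements the first mitigation step above: it walks a configuration directory, flags files that carry credential-looking keys with plaintext values and are readable by group or other, and tightens them to owner-only. The directory path, the key-name patterns, the file suffixes and the `ENC(`/`{enc}` "already protected" markers are assumptions for illustration, not IBM Sterling specifics.

```python
import re
import stat
from pathlib import Path

# Assumption: credential-bearing keys in Java-style .properties/.xml/.cfg files
# usually contain one of these words. The list is constructed for this example.
SECRET_KEY_RE = re.compile(
    r"^\s*([^#=\s]*(?:password|passwd|secret|apikey)[^=\s]*)\s*=\s*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)


def readable_by_others(path: Path) -> bool:
    """True if the group or world read bit is set on the file."""
    return bool(path.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH))


def looks_encrypted(value: str) -> bool:
    """Assumed marker convention: values wrapped as ENC(...) or prefixed {enc}
    are treated as already protected and are not reported."""
    return value.startswith("ENC(") or value.startswith("{enc}")


def audit_config_dir(root: Path, suffixes=(".properties", ".xml", ".cfg", ".conf")):
    """Return findings as (relative_path, key, exposed_to_others) tuples for every
    plaintext credential-like key found under root."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in suffixes:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable to us: cannot be the local-user exposure we look for
        for key, value in SECRET_KEY_RE.findall(text):
            if looks_encrypted(value):
                continue
            findings.append((str(path.relative_to(root)), key, readable_by_others(path)))
    return findings


def tighten_permissions(root: Path, findings):
    """Drop group/other bits (mode 0600) on every flagged file that is exposed;
    returns the sorted list of files changed."""
    changed = set()
    for rel, _key, exposed in findings:
        if exposed:
            (root / rel).chmod(stat.S_IRUSR | stat.S_IWUSR)
            changed.add(rel)
    return sorted(changed)
```

Run `audit_config_dir` on a read-only basis first to review findings; a file whose value is a hashed or vault-referenced secret still shows up if it does not use the assumed marker, so treat the output as a worklist rather than a verdict.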
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:05.532Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f108349f8a5dbaeadb9478
Added to database: 10/16/2025, 2:59:00 PM
Last enriched: 10/25/2025, 3:56:06 AM
Last updated: 12/4/2025, 7:50:04 PM