CVE-2025-36002: Password in Configuration File in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5 and 6.2.1.0, and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5 and 6.2.1.0, store user credentials in configuration files that can be read by a local user.
AI Analysis
Technical Summary
CVE-2025-36002 is a vulnerability identified in IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.5 and 6.2.1.0. The core issue is that these products store user credentials within configuration files in a manner accessible to local users with limited privileges. This means that any user with local access and some level of permission can read these configuration files and extract sensitive passwords. The vulnerability does not require user interaction and does not allow remote exploitation without local access. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates that the attack vector is local, with low attack complexity, requiring low privileges, no user interaction, unchanged scope, and high impact on confidentiality only. The vulnerability does not affect integrity or availability. No public exploits or active exploitation campaigns have been reported to date. The issue primarily exposes credentials that could be used for lateral movement or privilege escalation within an organization's network. Given the nature of IBM Sterling products, which are widely used for B2B data exchange and supply chain integrations, the exposure of credentials could lead to unauthorized access to sensitive business data or disruption of automated business processes if attackers leverage the stolen credentials. The vulnerability was published on October 16, 2025, and IBM has not yet provided specific patch links, indicating that remediation may be pending or in progress. Organizations should monitor IBM advisories for patches and apply them promptly once available.
Potential Impact
For European organizations, the impact of CVE-2025-36002 can be significant in environments where IBM Sterling B2B Integrator and File Gateway are used to manage critical business-to-business transactions and supply chain communications. Credential disclosure could allow an attacker with local access to escalate privileges or move laterally within the network, potentially accessing sensitive commercial data or disrupting automated workflows. This could result in confidentiality breaches, loss of trust from partners, regulatory compliance issues (e.g., GDPR concerns if personal data is involved), and operational disruptions. Since the vulnerability requires local access, the risk is higher in environments with many users having local system access or where endpoint security is weak. European companies in manufacturing, logistics, finance, and retail sectors that rely heavily on IBM Sterling products for secure data exchange are particularly at risk. The medium severity rating reflects that while the vulnerability is not remotely exploitable, the potential damage from credential compromise in a critical business integration platform is non-trivial.
Mitigation Recommendations
1. Immediately restrict file system permissions on configuration files containing credentials to the minimum necessary users and groups, ideally only to the application service account.
2. Conduct thorough audits of local user accounts and remove or limit unnecessary local access, especially on servers running IBM Sterling products.
3. Implement endpoint detection and response (EDR) solutions to monitor for suspicious local file access or credential dumping activities.
4. Use OS-level encryption or filesystem encryption to protect configuration files at rest where possible.
5. Monitor IBM security advisories closely and apply official patches or updates as soon as they become available.
6. Consider implementing multi-factor authentication and credential vaulting solutions to reduce reliance on static credentials stored in configuration files.
7. Educate system administrators and users about the risks of local credential exposure and enforce strict access control policies.
8. If feasible, isolate IBM Sterling servers in segmented network zones with limited user access to reduce the attack surface.
9. Regularly review and rotate credentials stored in configuration files to limit the window of exposure.
10. Employ logging and alerting on configuration file access to detect potential exploitation attempts early.
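Mitigation 1 is the one a defender can verify today, before a patch exists. The following audit script is an added example, not IBM's tooling: it walks an install directory, flags configuration files that assign credential-like properties while remaining readable by group or world, and reports the offending keys so they can be locked down and rotated. The property names it matches and the sample tree it builds are assumptions for demonstration; the page does not name the product's real configuration files.

```python
import os
import re
import stat
import tempfile

# Property names that usually hold secrets. Assumption: generic patterns, not
# the product's real property names, which the advisory does not list.
CREDENTIAL_KEY_RE = re.compile(
    r"^\s*([\w.-]*(?:passwd|password|secret|apikey)[\w.-]*)\s*=", re.IGNORECASE)
CONFIG_EXTENSIONS = (".properties", ".xml", ".conf", ".cfg", ".ini")
GROUP_OR_WORLD_READ = stat.S_IRGRP | stat.S_IROTH  # mode bits 0o044

def credential_keys(path):
    """Return the credential-like property names assigned in a text file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [m.group(1) for m in map(CREDENTIAL_KEY_RE.match, fh) if m]

def audit_tree(root):
    """List (relative path, octal mode, keys) for config files that hold
    credential keys and are readable by anyone other than the owner."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(CONFIG_EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            keys = credential_keys(full)
            if keys and st.st_mode & GROUP_OR_WORLD_READ:
                mode = oct(stat.S_IMODE(st.st_mode))
                findings.append((os.path.relpath(full, root), mode, keys))
    return sorted(findings)

def build_sample_tree():
    """Constructed install tree: a world-readable properties file holding a
    password, an owner-only file with one, and a config without credentials."""
    root = tempfile.mkdtemp(prefix="cfg_audit_")
    samples = {  # relative path -> (contents, mode); all values are made up
        "properties/jdbc.properties": ("db.user=appuser\ndb.password=Example-Only-1\n", 0o644),
        "properties/mail.properties": ("smtp.password=Example-Only-2\n", 0o600),
        "properties/ui.properties": ("ui.theme=dark\n", 0o644),
    }
    for rel, (text, mode) in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(full, mode)  # chmod ignores umask, so modes are exact
    return root

if __name__ == "__main__":
    for rel, mode, keys in audit_tree(build_sample_tree()):
        print(f"{rel} ({mode}) exposes {', '.join(keys)}: restrict to owner only")
```

Run it against the real install root instead of the sample tree; every finding is a file whose credentials should be assumed disclosed to local users and rotated after its mode is tightened.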
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:05.532Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f108349f8a5dbaeadb9478
Added to database: 10/16/2025, 2:59:00 PM
Last enriched: 10/16/2025, 3:15:09 PM
Last updated: 10/16/2025, 4:52:54 PM