CVE-2025-36064 is a medium-severity vulnerability affecting IBM Sterling Connect:Express for Microsoft Windows versions 3.1.0.0 through 3.1.0.22. The vulnerability arises from improper restriction of excessive authentication attempts (CWE-307), specifically due to inadequate account lockout settings. This flaw allows a remote attacker to perform brute force attacks against user accounts by repeatedly attempting to authenticate without being effectively blocked or locked out. The vulnerability does not require any prior authentication or user interaction, and the attack vector is network-based (AV:N). However, the attack complexity is high (AC:H), indicating that successful exploitation requires significant effort or conditions. The impact is primarily on confidentiality, as successful brute forcing could lead to unauthorized access to sensitive data or systems, but it does not affect integrity or availability. The vulnerability affects only the specified version 3.1.0.0 of the product. No known exploits are currently reported in the wild, and no patches have been linked yet. The CVSS v3.1 base score is 5.9, reflecting a medium severity level. This vulnerability highlights the importance of robust authentication controls and account lockout mechanisms in enterprise file transfer solutions like IBM Sterling Connect:Express, which are often used to securely exchange sensitive business data.

For European organizations, this vulnerability poses a risk of unauthorized access to critical file transfer systems, potentially exposing sensitive business data, intellectual property, or personal data protected under GDPR. Successful brute force attacks could lead to data breaches, compliance violations, and reputational damage. Since IBM Sterling Connect:Express is used in industries such as finance, manufacturing, and logistics, exploitation could disrupt secure data exchanges and impact business operations. The confidentiality breach risk is significant, especially for organizations handling regulated or sensitive data. However, the lack of impact on integrity and availability reduces the risk of data manipulation or service disruption. The medium severity suggests that while the threat is serious, it may not be easily exploitable without considerable effort, giving organizations some time to implement mitigations. Nonetheless, given the critical role of secure file transfer in supply chains and inter-organizational communications, European enterprises should prioritize addressing this vulnerability to maintain trust and compliance.

Organizations should implement the following specific mitigations: 1) Immediately review and strengthen account lockout policies in IBM Sterling Connect:Express configurations, ensuring that accounts are locked after a limited number of failed login attempts to prevent brute force attacks. 2) Monitor authentication logs for repeated failed login attempts and implement alerting mechanisms to detect potential brute force activity early. 3) Restrict network access to the Sterling Connect:Express service using firewalls or network segmentation to limit exposure to trusted IP addresses only. 4) Enforce strong password policies and consider multi-factor authentication (MFA) if supported by the product or via integration with identity providers. 5) Regularly update and patch the product once IBM releases a security update addressing this vulnerability. 6) Conduct penetration testing focused on authentication mechanisms to verify the effectiveness of implemented controls. 7) Educate administrators on secure configuration best practices for authentication and account management within Sterling Connect:Express. These targeted actions go beyond generic advice by focusing on configuration hardening, monitoring, and network controls specific to the affected product and vulnerability.