CVE-2025-36064: CWE-307 Improper Restriction of Excessive Authentication Attempts in IBM Sterling Connect:Express for Microsoft Windows
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
AI Analysis
Technical Summary
CVE-2025-36064 identifies a security vulnerability in IBM Sterling Connect:Express for Microsoft Windows versions 3.1.0.0 through 3.1.0.22. The root cause is an inadequate account lockout mechanism that fails to sufficiently restrict the number of consecutive failed authentication attempts. This weakness falls under CWE-307, which concerns improper restriction of excessive authentication attempts. Due to this flaw, a remote attacker can attempt to brute force user credentials without triggering effective lockout or throttling, increasing the likelihood of credential compromise. The vulnerability requires no privileges or user interaction, but the attack complexity is rated high, indicating some difficulty in successful exploitation. The CVSS v3.1 base score is 5.9 (medium), with vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, reflecting network attack vector, high complexity, no privileges or user interaction needed, unchanged scope, and high impact on confidentiality only. No public exploits or patches are currently available, emphasizing the need for proactive mitigation. The vulnerability primarily threatens confidentiality by enabling unauthorized access through credential brute forcing, but does not directly impact system integrity or availability. IBM Sterling Connect:Express is widely used in enterprise file transfer scenarios, especially in supply chain and financial sectors, making this vulnerability a concern for organizations relying on secure file exchanges.
Potential Impact
The primary impact of CVE-2025-36064 is the potential compromise of user credentials through brute force attacks, which can lead to unauthorized access to IBM Sterling Connect:Express systems. This unauthorized access could expose sensitive data transferred via the platform, undermining confidentiality. While the vulnerability does not affect system integrity or availability directly, compromised credentials could be leveraged for further lateral movement or data exfiltration within an organization. Enterprises using affected versions in critical sectors such as finance, supply chain management, and logistics could face significant operational and reputational risks if attackers gain access. The lack of effective account lockout increases the attack surface for remote adversaries, especially those targeting high-value accounts. Although no known exploits are currently reported, the medium severity and ease of network access make this a credible threat that requires timely attention to prevent potential breaches.
Mitigation Recommendations
Organizations should implement several specific mitigations to reduce the risk posed by CVE-2025-36064. First, enforce strict account lockout policies or throttling mechanisms at the application or network level to limit failed authentication attempts, even if the product's native lockout is inadequate. Deploy multi-factor authentication (MFA) for all user accounts accessing Sterling Connect:Express to add an additional layer of defense against credential compromise. Monitor authentication logs closely for unusual patterns indicative of brute force attempts and set up alerts for rapid failed login attempts. Network segmentation and firewall rules should restrict access to the Sterling Connect:Express service to trusted IP addresses and networks only. Until IBM releases an official patch, consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with rules to detect and block brute force attack patterns targeting the service. Finally, educate users on strong password policies and regularly review account privileges to minimize the impact of any compromised credentials.
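As an added illustration (not IBM's code and not the product's real log format), the following Python shows the two compensating controls the recommendations describe: a sliding-window lockout counter that an application-layer gateway could enforce in front of the service, and a replay of authentication log lines that alerts when an account crosses the failure threshold or logs in successfully while it should still be locked out, which is exactly the symptom of the inadequate lockout this CVE describes. The log line format, account names and IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed log line format (an assumption, not the product's own format):
# "<ISO-8601 timestamp> AUTH <OK|FAIL> user=<account> src=<ip>"
LINE_RE = re.compile(r"^(\S+) AUTH (OK|FAIL) user=(\S+) src=(\S+)$")

class FailureTracker:
    def __init__(self, max_failures=5, window=timedelta(minutes=10), lockout=timedelta(minutes=15)):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # key -> timestamps of failures still inside the window
        self.locked_until = {}              # key -> datetime at which the lock expires

    def is_locked(self, key, now):
        until = self.locked_until.get(key)
        return until is not None and now < until

    def record_failure(self, key, now):
        """Return True only when this failure newly trips the lockout; later ones just extend it."""
        q = self.failures[key]
        q.append(now)
        while now - q[0] > self.window:  # drop failures that aged out of the sliding window
            q.popleft()
        if len(q) < self.max_failures:
            return False
        newly_locked = not self.is_locked(key, now)
        self.locked_until[key] = now + self.lockout
        return newly_locked

def scan(lines, tracker=None):
    """Replay auth log lines in time order; return alert strings for brute-force indicators."""
    tracker = tracker or FailureTracker()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, result, user, src = datetime.fromisoformat(m.group(1)), *m.groups()[1:]
        if result == "FAIL" and tracker.record_failure(user, ts):
            alerts.append(f"{ts.isoformat()} LOCKOUT_THRESHOLD user={user} src={src}")
        elif result == "OK":
            if tracker.is_locked(user, ts):  # a success here means the lockout was not enforced
                alerts.append(f"{ts.isoformat()} SUCCESS_DURING_LOCKOUT user={user} src={src}")
            tracker.failures[user].clear()  # a successful login resets the failure counter
    return alerts

SAMPLE_LOG = [f"2025-09-22T18:00:0{i} AUTH FAIL user=mft_batch src=198.51.100.7" for i in range(6)]
SAMPLE_LOG += ["2025-09-22T18:01:30 AUTH OK user=mft_batch src=198.51.100.7",  # constructed sample
               "2025-09-22T18:02:00 AUTH FAIL user=alice src=192.0.2.10",
               "2025-09-22T18:02:30 AUTH OK user=alice src=192.0.2.10"]
```

Running `scan(SAMPLE_LOG)` yields one LOCKOUT_THRESHOLD alert at the fifth failure and one SUCCESS_DURING_LOCKOUT alert for the later successful login of the same account; the single failure for `alice` produces nothing.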
Affected Countries
United States, United Kingdom, Germany, Japan, Canada, Australia, France, Netherlands, Singapore, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:12.197Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68d197d505d26ef415250836
Added to database: 9/22/2025, 6:39:17 PM
Last enriched: 3/14/2026, 6:51:09 PM
Last updated: 3/26/2026, 8:49:18 AM