CVE-2025-36065: CWE-613 Insufficient Session Expiration in IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (5.2.0.00 through 5.2.0.12) does not invalidate the session after a browser closure, which could allow an authenticated user to impersonate another user on the system.
AI Analysis
Technical Summary
CVE-2025-36065 is a session management vulnerability, classified as CWE-613 (Insufficient Session Expiration), in IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0. The software fails to invalidate user sessions after the browser is closed, a critical lapse in session lifecycle management: an authenticated user can impersonate another user by reusing an active session token that should have been terminated. Affected versions are 5.2.0.00 through 5.2.0.12, and the CVE was published on January 20, 2026. The CVSS 3.1 base score is 6.3 (medium severity), with vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L: network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and low impact on each of confidentiality, integrity, and availability. Missing session invalidation after browser closure can lead to unauthorized access, session hijacking, and data leakage or manipulation within the B2B integration environment. No exploits are known in the wild, and IBM has not yet released official patches, which makes compensating controls urgent for affected organizations. The risk is highest in environments where workstations are shared or session tokens are stored insecurely. Because Sterling B2B Integrator is a platform for business-to-business data exchange, exploitation could disrupt critical business processes and expose sensitive transactional data.
Potential Impact
For European organizations, this vulnerability poses a risk of unauthorized access and impersonation within critical B2B integration systems, potentially leading to data breaches, transaction manipulation, and disruption of supply chain communications. Confidentiality is at risk as attackers could access sensitive business data; integrity could be compromised through unauthorized transaction modifications; and availability might be affected if session misuse leads to denial of service or operational disruptions. The medium severity score reflects that while exploitation requires some privileges, no user interaction is needed, and the attack can be performed remotely over the network. Organizations relying on IBM Sterling Connect:Express Adapter for their B2B workflows may face operational and reputational damage if attackers leverage this flaw. Additionally, regulatory compliance risks exist under GDPR if personal or sensitive data is exposed due to session hijacking. The lack of official patches means organizations must rely on interim mitigations to reduce exposure.
Mitigation Recommendations
1. Implement strict session management policies that enforce session invalidation upon browser closure or after a short inactivity timeout, even if the software does not do so by default. Because a server cannot observe a browser closing, in practice this means issuing non-persistent session cookies (no Expires or Max-Age attribute) and enforcing a short server-side idle timeout together with an absolute session lifetime.
2. Configure web application firewalls (WAFs) or reverse proxies to detect and block suspicious session reuse or anomalies in session tokens.
3. Require multi-factor authentication (MFA) for accessing the Sterling B2B Integrator interface to reduce the risk of session hijacking.
4. Regularly audit and monitor session logs for unusual activity, such as concurrent sessions from different IP addresses or geographic locations.
5. Educate users to log out explicitly rather than relying on browser closure to terminate sessions.
6. Isolate Sterling B2B Integrator access to trusted networks and restrict administrative access via VPN or zero-trust network access solutions.
7. Engage with IBM support for any available patches or updates and plan for timely application once released.
8. Consider deploying endpoint security controls to prevent session token theft from client machines.
9. Review and harden session cookie attributes (e.g., Secure, HttpOnly, SameSite) to reduce the risk of token theft via cross-site scripting or network interception.
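As an added example (not IBM's code and not part of this record), a minimal server-side session store in Python that implements mitigations 1, 4, 5 and 9 from the list above: idle and absolute expiry, an audit record when a token is reused from a different address, a logout that deletes the server-side record, and a non-persistent session cookie carrying Secure/HttpOnly/SameSite. The timeout values, cookie name and class names are assumptions for the example.

```python
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60          # seconds of inactivity before a session dies (assumed policy)
ABSOLUTE_LIFETIME = 8 * 3600    # hard cap on session age regardless of activity (assumed policy)


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    client_ip: str


class SessionStore:
    """Server-side session table with idle and absolute expiry (a CWE-613 control)."""
    def __init__(self, clock=time.time):
        self._clock = clock           # injectable so expiry can be tested deterministically
        self._sessions: dict[str, Session] = {}
        self.alerts: list[tuple[str, str, str]] = []   # (user, original_ip, new_ip) for audit

    def create(self, user: str, client_ip: str) -> str:
        token = secrets.token_urlsafe(32)   # 256-bit random session identifier
        now = self._clock()
        self._sessions[token] = Session(user, now, now, client_ip)
        return token

    def validate(self, token: str, client_ip: str):
        """Return the user owning a live session, or None; dead sessions are purged."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        # Idle expiry covers the closed-browser case the server cannot observe; absolute expiry bounds replay.
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_LIFETIME:
            del self._sessions[token]
            return None
        if client_ip != s.client_ip:
            # Mitigation 4: log reuse from another address rather than hard-deny (NAT/proxies shift IPs).
            self.alerts.append((s.user, s.client_ip, client_ip))
        s.last_seen = now
        return s.user

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)   # explicit logout (mitigation 5) removes the server record


def session_cookie(token: str) -> str:
    # No Expires/Max-Age: non-persistent cookie the browser discards on close.
    # Secure/HttpOnly/SameSite (mitigation 9) limit interception and script access.
    return f"SESSIONID={token}; Path=/; Secure; HttpOnly; SameSite=Strict"
```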
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:12.197Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696f9d594623b1157c3b5004
Added to database: 1/20/2026, 3:20:57 PM
Last enriched: 1/20/2026, 3:36:30 PM
Last updated: 1/20/2026, 6:08:55 PM