CVE-2025-36066 identifies a cross-site scripting (XSS) vulnerability in IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12. The vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. An unauthenticated attacker can craft malicious input that is embedded as executable JavaScript in the web UI, altering its intended behavior. This can lead to the disclosure of sensitive information such as user credentials within an active session, as the injected script can hijack session tokens or perform actions on behalf of the user. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), no privileges (PR:N), but does require user interaction (UI:R). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the vulnerable component. The impact affects confidentiality and integrity (C:L/I:L) but not availability (A:N). While no public exploits are reported, the vulnerability poses a moderate risk due to the critical nature of B2B integrations and the potential for credential compromise. The lack of available patches at the time of reporting necessitates proactive mitigation. IBM Sterling Connect:Express is widely used in enterprise environments for secure file transfers and B2B communication, making this vulnerability relevant for organizations relying on this software for critical business processes.

For European organizations, this vulnerability can lead to unauthorized access to sensitive business data and credentials, potentially enabling further compromise of internal systems or supply chain attacks. Given the role of IBM Sterling Connect:Express in facilitating secure B2B transactions, exploitation could disrupt business operations, damage trust with partners, and result in regulatory non-compliance, especially under GDPR due to potential data breaches. The confidentiality and integrity of communications are at risk, which could lead to financial losses or intellectual property theft. Organizations in sectors such as finance, manufacturing, and logistics, which heavily rely on B2B integrations, are particularly vulnerable. The medium severity score reflects a moderate but tangible threat that requires attention to prevent escalation. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

1. Monitor IBM’s official channels for patches addressing CVE-2025-36066 and apply them promptly once available. 2. Implement strict input validation and sanitization on all user inputs within the Sterling Connect:Express web interface to prevent injection of malicious scripts. 3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the web UI. 4. Conduct regular security assessments and penetration testing focused on web interface vulnerabilities. 5. Educate users about the risks of interacting with suspicious links or inputs that could trigger XSS attacks. 6. Use web application firewalls (WAFs) configured to detect and block XSS attack patterns targeting the Sterling Connect:Express interface. 7. Limit access to the web UI to trusted networks or VPNs to reduce exposure to unauthenticated attackers. 8. Monitor logs for unusual activity or repeated attempts to inject scripts, enabling early detection of exploitation attempts.