CVE-2025-36113 is a cross-site scripting (XSS) vulnerability classified under CWE-79, affecting IBM Sterling Connect:Express Adapter for Sterling B2B Integrator version 5.2.0.00 through 5.2.0.12. This vulnerability arises from improper neutralization of user input during web page generation, allowing an authenticated user to inject arbitrary JavaScript code into the web user interface. The injected script can manipulate the UI's intended behavior, potentially leading to disclosure of sensitive information such as user credentials within an active session. The vulnerability requires the attacker to have valid credentials (privileged or non-privileged) and to interact with the system's web interface, which limits the attack surface but does not eliminate risk. The CVSS v3.1 base score is 5.4 (medium), with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network attack vector, low attack complexity, privileges required, user interaction required, scope changed, and limited confidentiality and integrity impacts without availability impact. No public exploits have been reported yet, but the vulnerability poses a risk in environments where multiple users access the web UI, especially in B2B integration scenarios where sensitive transactional data and credentials are handled. The vulnerability could be leveraged to perform session hijacking, credential theft, or unauthorized actions within the trusted session context.

For European organizations, the impact of CVE-2025-36113 can be significant in sectors relying on IBM Sterling Connect:Express for secure B2B communications, such as finance, manufacturing, logistics, and supply chain management. Successful exploitation could lead to unauthorized disclosure of credentials, enabling further lateral movement or data exfiltration within the enterprise network. This compromises confidentiality and integrity of sensitive business transactions and partner communications. The vulnerability could disrupt trust relationships between business partners and damage reputations. Given the widespread use of IBM enterprise software in Europe, especially in countries with advanced manufacturing and financial sectors, the risk is non-trivial. However, the requirement for authentication and user interaction reduces the likelihood of widespread automated exploitation. Still, insider threats or compromised user accounts could be leveraged to exploit this vulnerability, making it a concern for organizations with multiple users accessing the web UI.

1. Apply official patches or updates from IBM as soon as they become available to address the vulnerability directly. 2. Implement strict input validation and output encoding on all user-supplied data in the web interface to prevent script injection. 3. Enforce the principle of least privilege for user accounts accessing the Sterling Connect:Express Adapter, limiting access to only necessary personnel. 4. Enable multi-factor authentication (MFA) to reduce the risk of compromised credentials being used to exploit the vulnerability. 5. Monitor web UI logs and user activities for unusual behavior indicative of XSS exploitation attempts or session anomalies. 6. Conduct regular security awareness training for users to recognize phishing or social engineering attempts that could lead to credential compromise. 7. Consider deploying web application firewalls (WAF) with rules tailored to detect and block XSS payloads targeting the affected application. 8. Segment the network to isolate critical B2B integration components, limiting lateral movement if exploitation occurs.