CVE-2025-36115: CWE-384 Session Fixation in IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.
AI Analysis
Technical Summary
CVE-2025-36115 is a session fixation weakness (CWE-384) in IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12. The adapter does not disallow a session identifier after it has been used, so an identifier that existed before authentication stays valid once a user has logged in on it. Secure session management regenerates the identifier at authentication and at every privilege change and invalidates the old one; without that rotation, an attacker who can get a victim to authenticate on an identifier the attacker already knows (for example, one the attacker obtained from the application and planted on the victim) can present that same identifier afterwards and be treated by the system as the victim. According to the advisory, the attacker must already hold an account on the system, the attack is network-reachable and of low complexity, and no user interaction is required; this is consistent with the published CVSS 3.1 base score of 6.3 (medium) with low impact on confidentiality, integrity and availability. The affected component sits in business-to-business integration workflows that routinely carry sensitive transactional data, so impersonation there can expose or alter partner traffic. No public exploit is known and no patch had been linked at the time of analysis, so organizations must rely on configuration, access restriction and monitoring controls until IBM's fix is available.
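The following is an added illustration of the session fixation mechanism described above; it is not IBM code and makes no claim about how the Connect:Express Adapter stores sessions. It models a minimal in-memory session table with a login handler that either keeps the pre-authentication session identifier (the CWE-384 pattern) or rotates it, and then plays the attack against both. All names and the session format are assumptions for the example.

```python
# Added example (not IBM code): session fixation (CWE-384) against a toy
# session store. A server that keeps the pre-login session id after
# authentication lets an attacker who planted that id on the victim act as
# the victim; rotating the id at login closes the hole.
import secrets
from typing import Optional


class SessionStore:
    """In-memory session table: session id -> {"user": name or None}."""

    def __init__(self, rotate_on_login: bool):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def new_session(self) -> str:
        """Issue an anonymous (unauthenticated) session id."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid: str, user: str) -> str:
        """Authenticate `user` on the session id the client presented.

        Returns the id the client must use from now on. The vulnerable
        variant keeps using the id the client arrived with, which is
        exactly what the advisory describes ("does not disallow the
        session id after use").
        """
        if sid not in self.sessions:
            sid = self.new_session()
        if self.rotate_on_login:
            # Hardened: discard the pre-authentication id so anyone who
            # knew it (the attacker who planted it) holds a dead session.
            del self.sessions[sid]
            sid = self.new_session()
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        """Identity bound to `sid`, or None if the session does not exist
        or is not authenticated."""
        entry = self.sessions.get(sid)
        return entry["user"] if entry else None


def fixation_attack(store: SessionStore) -> Optional[str]:
    """Play out the attack end to end.

    1. The attacker (already a user of the system, as in the advisory)
       obtains a fresh session id from the application.
    2. The attacker plants that id on the victim (the delivery channel,
       e.g. a crafted link or cookie injection, is outside this model).
    3. The victim authenticates on the planted id.
    4. The attacker presents the same id.
    Returns the identity the attacker ends up with (None = attack failed).
    """
    planted = store.new_session()
    store.login(planted, "victim")
    return store.whoami(planted)


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(SessionStore(rotate_on_login=False)))
    print("hardened:  ", fixation_attack(SessionStore(rotate_on_login=True)))
```

Run stand-alone, the vulnerable store reports the attacker as `victim`, the hardened store reports `None`. The point to carry over to a real deployment is the check, not the toy store: capture the session cookie before and after the login step and confirm the value changes and the old value is rejected.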
Potential Impact
For European organizations, this vulnerability puts the confidentiality, integrity and availability of B2B integration processes that rely on IBM Sterling Connect:Express Adapter at risk. Successful exploitation lets an attacker act as another legitimate user, which could expose sensitive business data, alter transaction flows, or disrupt automated business communications. Consequences include financial loss, regulatory non-compliance (under GDPR where personal data is involved in a breach), and reputational damage. Organizations in sectors such as finance, manufacturing, logistics, and telecommunications that depend heavily on secure B2B integrations are particularly exposed. The medium severity reflects that an unauthenticated attacker cannot exploit the flaw and that the rated impact on each of confidentiality, integrity and availability is low; the practical consequence of impersonating a more privileged user in a transaction pipeline can nevertheless be serious enough to warrant prompt attention. The absence of a known exploit reduces immediate risk but does not eliminate it, since exploit development may follow publication.
Mitigation Recommendations
1. Enforce strict session lifecycle policies: session identifiers must be regenerated at authentication and at any privilege change, and invalidated on logout. Session fixation succeeds precisely when the identifier the victim arrived with survives the login step.
2. Monitor and audit session activity for anomalies such as the same session identifier being used from several source IP addresses, or appearing under more than one user identity. The latter is the direct signature of impersonation; the former is a weaker signal that can also be caused by NAT or roaming clients.
3. Restrict access to the Sterling Connect:Express Adapter interface to trusted networks and users through network segmentation and firewall rules.
4. Apply the principle of least privilege to users interacting with the system, so that a hijacked session yields as little as possible.
5. Update and patch IBM Sterling products as soon as official fixes become available.
6. Employ multi-factor authentication (MFA) to limit credential-based account takeover, but do not treat it as a fix for this issue: in a fixation attack the victim completes the second factor inside the attacker-chosen session, which then carries the victim's identity.
7. Conduct penetration testing and vulnerability assessments focused on session management in the B2B integration environment, specifically verifying that the session cookie value changes across login and that the pre-login value is rejected afterwards.
8. Engage with IBM support to obtain any interim patches or recommended configuration changes that mitigate session fixation risk.
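The following is an added example of the detection logic behind the second recommendation, run over constructed sample log lines; it is not part of the original advisory. The log format (timestamp, `sid=`, `user=`, `ip=` fields) is an assumption; map the fields to whatever your B2B Integrator or reverse-proxy access logs actually record.

```python
# Added example (not IBM code): flag session identifiers that are seen from
# more than one client IP, and, more importantly, under more than one user.
# The log format is assumed; the sample lines are constructed for the demo.
from collections import defaultdict

# Constructed sample access log: one request per line.
SAMPLE_LOG = """\
2026-01-20T15:01:02Z sid=a1f3 user=alice ip=10.0.0.5
2026-01-20T15:01:30Z sid=a1f3 user=alice ip=10.0.0.5
2026-01-20T15:02:10Z sid=b7c9 user=bob ip=10.0.0.9
2026-01-20T15:03:45Z sid=a1f3 user=alice ip=192.168.7.21
2026-01-20T15:04:00Z sid=b7c9 user=mallory ip=10.0.0.9
"""


def parse_line(line: str) -> dict:
    """Split '<ts> k=v k=v ...' into a dict; keys are the assumed field names."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": ts, **fields}


def detect_session_anomalies(log_text: str) -> list:
    """Return findings as (kind, session_id, sorted values).

    kind == "multi_user": the same session id carried two different
        identities. That is the direct signature of session fixation /
        impersonation and should page someone.
    kind == "multi_ip": the same session id was used from several client
        addresses. A weaker signal: NAT pools and roaming clients produce
        it legitimately, so correlate before acting.
    """
    ips_by_sid = defaultdict(set)
    users_by_sid = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        ips_by_sid[entry["sid"]].add(entry["ip"])
        users_by_sid[entry["sid"]].add(entry["user"])

    findings = []
    for sid in ips_by_sid:  # insertion order: first-seen session first
        if len(ips_by_sid[sid]) > 1:
            findings.append(("multi_ip", sid, sorted(ips_by_sid[sid])))
        if len(users_by_sid[sid]) > 1:
            findings.append(("multi_user", sid, sorted(users_by_sid[sid])))
    return findings


if __name__ == "__main__":
    for kind, sid, values in detect_session_anomalies(SAMPLE_LOG):
        print(f"{kind:10s} sid={sid} {values}")
```

On the sample, session `a1f3` is flagged for two source addresses and session `b7c9` for carrying both `bob` and `mallory`; the second finding is the one that matters for this CVE. In production, key the same logic on whatever the adapter uses as its session token and run it over a sliding window rather than the whole file.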
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:17.124Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 696fa0dc4623b1157c3be2c5
Added to database: 1/20/2026, 3:35:56 PM
Last enriched: 1/20/2026, 3:51:19 PM
Last updated: 1/20/2026, 8:21:06 PM