CVE-2025-36137: CWE-250 Execution with Unnecessary Privileges in IBM Sterling Connect:Direct for Unix
CVE-2025-36137 is a high-severity vulnerability in IBM Sterling Connect:Direct for Unix versions 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.
AI Analysis
Technical Summary
CVE-2025-36137 is a vulnerability classified under CWE-250 (Execution with Unnecessary Privileges) affecting IBM Sterling Connect:Direct for Unix in specific versions ranging from 6.2.0.7 to 6.4.0.2 with certain interim fixes. The issue arises because the software incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users. Specifically, post-update scripts are granted privileges beyond what they need, so a user who already holds CCD access can escalate further. This escalation could allow an attacker to execute arbitrary code with higher privileges, potentially leading to full system compromise. The vulnerability has a CVSS v3.1 base score of 7.2, indicating high severity: network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits are known at this time, the vulnerability represents a significant risk because of the central role Sterling Connect:Direct plays in secure file transfer operations in enterprise environments. The vulnerability affects multiple versions and fix levels, which makes careful version management and patching essential. The root cause is improper privilege assignment in maintenance scripts, a common security design flaw that can be exploited by insiders or by attackers who have already gained some level of privileged access. The vulnerability is particularly concerning because it leverages legitimate maintenance mechanisms, making detection and prevention more challenging.
Potential Impact
For European organizations, the impact of CVE-2025-36137 can be severe. IBM Sterling Connect:Direct is widely used in industries requiring secure, reliable file transfers such as banking, insurance, manufacturing, and logistics. Exploitation could allow attackers to escalate privileges from an already privileged user to full administrative control, enabling data theft, manipulation, or disruption of critical file transfer operations. This could lead to breaches of sensitive personal data protected under GDPR, causing regulatory penalties and reputational damage. Additionally, disruption of file transfer workflows could impact business continuity, especially in supply chain and financial transaction processing. The high integrity and availability impact means attackers could alter or delete critical files or disrupt services, potentially causing operational outages. Given the network attack vector and no user interaction requirement, the vulnerability could be exploited remotely by insiders or external attackers who have gained privileged access, increasing the risk profile. Organizations with complex, distributed deployments of Sterling Connect:Direct are particularly vulnerable due to the difficulty in uniformly applying mitigations and monitoring privileged user activities.
Mitigation Recommendations
1. Apply official patches or fixes from IBM as soon as they become available for the affected versions of Sterling Connect:Direct for Unix.
2. Until patches are available, restrict Control Center Director (CCD) user permissions to the minimum necessary, removing any unnecessary privileges related to maintenance tasks and post-update scripts.
3. Implement strict access controls and monitoring on CCD accounts, including multi-factor authentication and detailed logging of all maintenance and update activities.
4. Conduct regular audits of user privileges and review post-update script permissions to ensure they do not exceed the principle of least privilege.
5. Segment network access to Sterling Connect:Direct servers to limit exposure to only trusted administrative networks.
6. Employ host-based intrusion detection systems to monitor for anomalous privilege escalation or script execution activities.
7. Educate system administrators and security teams about the risk of privilege escalation via maintenance scripts and enforce secure operational procedures.
8. Maintain an up-to-date inventory of Sterling Connect:Direct deployments and versions to prioritize patching and risk management efforts.
Affected Countries
Germany, United Kingdom, France, Italy, Netherlands, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:19.008Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6903b838aebfcd5474944466
Added to database: 10/30/2025, 7:10:48 PM
Last enriched: 11/8/2025, 2:43:46 AM
Last updated: 12/15/2025, 1:42:16 AM