CVE-2025-3630 is a stored cross-site scripting (XSS) vulnerability affecting IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, and IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing authenticated users to inject arbitrary JavaScript code into the web user interface. Because the malicious script is stored, it can execute whenever a legitimate user accesses the affected page, potentially altering the intended functionality of the application. This can lead to the disclosure of sensitive information such as user credentials within a trusted session context. The vulnerability requires the attacker to have authenticated access, but no additional user interaction is needed for exploitation once the malicious script is stored. The CVSS 3.1 base score is 6.4 (medium severity), with an attack vector of network, low attack complexity, privileges required, no user interaction, and a scope change. The impact affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is significant because IBM Sterling B2B Integrator is widely used for secure business-to-business data exchange and file transfer workflows, making it a critical component in enterprise supply chain and partner integrations. An attacker exploiting this vulnerability could manipulate the web interface to steal session tokens or credentials, potentially enabling further unauthorized access or lateral movement within the enterprise environment.

For European organizations, the impact of CVE-2025-3630 can be substantial due to the critical role IBM Sterling B2B Integrator plays in managing secure B2B communications and data exchanges. Compromise of credentials or session tokens through stored XSS could lead to unauthorized access to sensitive business data, disruption of automated supply chain processes, and exposure of confidential partner information. This could result in financial losses, reputational damage, and regulatory non-compliance, especially under GDPR where data breaches involving personal data must be reported and can incur heavy fines. The scope change indicated in the CVSS vector suggests that exploitation could affect resources beyond the initially vulnerable component, potentially impacting other integrated systems. Since the vulnerability requires authenticated access, insider threats or compromised user accounts pose a higher risk. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once patches are available or if the vulnerability is reverse-engineered. European organizations relying on IBM Sterling B2B Integrator for critical business functions should consider this vulnerability a medium risk with potential for escalation if combined with other attack vectors.

1. Implement strict input validation and output encoding on all user-supplied data fields within the IBM Sterling B2B Integrator web interface to prevent injection of malicious scripts. 2. Restrict authenticated user privileges to the minimum necessary to reduce the risk of malicious script injection by unauthorized users. 3. Monitor and audit user activity logs for unusual input patterns or changes in web UI content that could indicate attempted exploitation. 4. Employ web application firewalls (WAFs) with custom rules to detect and block common XSS payloads targeting the Sterling B2B Integrator interface. 5. Isolate the Sterling B2B Integrator environment within segmented network zones to limit lateral movement in case of compromise. 6. Enforce multi-factor authentication (MFA) for all users to reduce the risk of account compromise. 7. Regularly update and patch the IBM Sterling B2B Integrator software as vendor patches become available, and subscribe to IBM security advisories for timely information. 8. Conduct security awareness training for users with access to the system to recognize and report suspicious behavior. 9. Consider implementing Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the web UI. 10. Perform regular security assessments and penetration testing focused on web interface vulnerabilities to identify and remediate similar issues proactively.