CVE-2025-14031

EUVD-2025-208811 | HIGH | 2026-03-17 | ibm | 7.5 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline (4 events, newest first)

Analysis Generated: Mar 17, 2026 23:02 (vuln.today)
EUVD ID Assigned: Mar 17, 2026 23:02 (euvd), EUVD-2025-208811
Patch Released: Mar 17, 2026 23:02 (nvd), patch available
CVE Published: Mar 17, 2026 22:41 (nvd), HIGH 7.5

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.

Analysis

IBM Sterling B2B Integrator and IBM Sterling File Gateway contain a denial-of-service vulnerability that allows an unauthenticated remote attacker to crash the application by sending a specially crafted request. The vulnerability affects four version ranges of both products between 6.1.0.0 and 6.2.2.0 (see Affected Products). The CVSS 3.1 score of 7.5 (High) comes entirely from the availability impact: the vector is network-reachable with low complexity and requires neither privileges nor user interaction, while confidentiality and integrity are unaffected. A patch is available from IBM, and there is no indication of active exploitation in the wild or public proof-of-concept availability at this time.

Technical Context

This vulnerability affects IBM Sterling B2B Integrator and IBM Sterling File Gateway, enterprise integration and managed file transfer platforms commonly used for EDI and B2B communications. The affected CPE (cpe:2.3:a:ibm:sterling_b2b_integrator) covers versions from 6.1.0.0 through 6.2.2.0 across multiple patch levels. The record classifies the weakness as CWE-77 (Improper Neutralization of Special Elements used in a Command), which would mean that part of a request reaches a command or control interface without adequate validation or escaping. Note the tension between that mapping and the scored impact: the vector records no confidentiality or integrity loss, and the public description confirms only that a crafted request crashes the application. Neither the request format nor the component that handles it is described publicly, so the mechanism should be treated as an unauthenticated denial of service and not assumed to be exploitable for command execution.

Affected Products

IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are affected. IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are also vulnerable. The affected products are identified via CPE string cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*. Detailed information about affected versions and fixes is available in the IBM security advisory at https://www.ibm.com/support/pages/node/7266520.
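The version ranges above are awkward to compare by eye because of the "_N" interim-fix suffix. The following check, an added example and not IBM's tooling, parses a version string and tests it against the inclusive ranges quoted in the CVE description. It assumes that "6.2.0.5_1" sorts after "6.2.0.5" and that each "through" range is inclusive at both ends; the fixed versions are deliberately not reproduced here and must be taken from the IBM advisory.

```python
"""Check an installed IBM Sterling B2B Integrator / Sterling File Gateway
version against the affected ranges quoted in the CVE-2025-14031 description.

Assumptions (added example, not IBM's tooling): version strings look like
"6.2.0.5_1", where the optional "_N" suffix is an interim fix level that sorts
after the base release, and the "through" ranges are inclusive at both ends.
Fixed versions are not listed here; take them from the IBM advisory.
"""
import re
from typing import Optional, Tuple

# Inclusive (lower, upper) bounds copied from the CVE description.
AFFECTED_RANGES = (
    ("6.1.0.0", "6.1.2.7_2"),
    ("6.2.0.0", "6.2.0.5_1"),
    ("6.2.1.0", "6.2.1.1_1"),
    ("6.2.2.0", "6.2.2.0"),  # a single release, so lower == upper
)

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){3})(?:_(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn "6.1.2.7_2" into (6, 1, 2, 7, 2); a missing "_N" suffix counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, mod, fix = (int(p) for p in m.group(1).split("."))
    interim = int(m.group(2)) if m.group(2) else 0
    return (major, minor, mod, fix, interim)


def affected_range(version: str) -> Optional[Tuple[str, str]]:
    """Return the (lower, upper) range that contains `version`, or None."""
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if parse_version(lower) <= v <= parse_version(upper):
            return (lower, upper)
    return None


def is_affected(version: str) -> bool:
    return affected_range(version) is not None


if __name__ == "__main__":
    # Constructed inventory; replace with versions read from your own hosts.
    for v in ("6.1.2.7_2", "6.1.2.7_3", "6.2.0.5_1", "6.2.0.6", "6.2.2.0", "6.0.9.9"):
        rng = affected_range(v)
        label = "AFFECTED " + "-".join(rng) if rng else "not in listed ranges"
        print(f"{v:<10} {label}")
```

A version that falls outside every listed range is reported as "not in listed ranges" rather than "fixed": the description only enumerates affected builds, and later interim fixes of 6.2.2.0 are not mentioned either way, so the advisory remains the authority for what is patched.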

Remediation

Apply the security patches provided by IBM for the affected versions of Sterling B2B Integrator and Sterling File Gateway as detailed in the vendor advisory at https://www.ibm.com/support/pages/node/7266520. Prioritize internet-facing instances and systems handling critical business integration workflows, and confirm the installed version of every instance (including interim fix level) against the affected ranges before deciding it is out of scope. Until patching is complete, reduce exposure rather than relying on signatures: the public description does not say what the crafted request looks like, so a Web Application Firewall (WAF) rule can only block generically malformed traffic and cannot be assumed to stop the trigger. Restrict access to the application to trusted partner and administrative IP ranges via firewall rules, and apply rate limiting per source to raise the cost of repeated attempts. Monitor for unexpected application crashes or restarts and for request bursts or server-error spikes from a single source, keeping in mind that a single crafted request may be enough to cause the crash.
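To make the monitoring advice concrete, here is a small detector, added here as an example and not part of the vuln.today page or of IBM's product, that scans reverse-proxy access logs for two signals: a burst of requests from one source within a sliding window, and 5xx responses per source (the proxy answers 502/503 once the backend has stopped responding). It assumes the application sits behind a proxy writing Apache/NGINX combined-format access logs in time order; the sample lines and the request paths in them are constructed placeholders, not Sterling endpoints.

```python
"""Flag per-source request bursts and server-error spikes in proxy access logs
as a coarse indicator of denial-of-service attempts against an application
such as Sterling B2B Integrator while a patch is pending.

Assumptions (added example): a reverse proxy in front of the application
writes Apache/NGINX combined-format access logs in chronological order; the
request paths are placeholders. SAMPLE_LOG is constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Iterable, Optional

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one quiet client and one source hammering a placeholder
# path until the backend starts returning 502 through the proxy.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Mar/2026:22:41:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.9 - - [17/Mar/2026:22:41:02 +0000] "POST /placeholder HTTP/1.1" 200 0
203.0.113.9 - - [17/Mar/2026:22:41:03 +0000] "POST /placeholder HTTP/1.1" 200 0
203.0.113.9 - - [17/Mar/2026:22:41:03 +0000] "POST /placeholder HTTP/1.1" 502 0
203.0.113.9 - - [17/Mar/2026:22:41:04 +0000] "POST /placeholder HTTP/1.1" 502 0
203.0.113.9 - - [17/Mar/2026:22:41:05 +0000] "POST /placeholder HTTP/1.1" 502 0
198.51.100.7 - - [17/Mar/2026:22:41:30 +0000] "GET / HTTP/1.1" 502 0
203.0.113.9 - - [17/Mar/2026:22:42:10 +0000] "POST /placeholder HTTP/1.1" 502 0
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "request": m["req"],
        "status": int(m["status"]),
    }


def find_bursts(lines: Iterable[str], threshold: int = 5, window_s: int = 10) -> Dict[str, int]:
    """Return {ip: peak requests seen within any window_s-second sliding window}
    for sources that reached `threshold` requests in that window."""
    recent: Dict[str, deque] = defaultdict(deque)
    peaks: Dict[str, int] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that have fallen out of the window (lines are time-ordered).
        while q and (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def server_error_counts(lines: Iterable[str]) -> Dict[str, int]:
    """Count 5xx responses per source; a backend crash surfaces as 502/503
    from the proxy, so a source correlated with the first 5xx is of interest."""
    counts: Dict[str, int] = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is not None and 500 <= rec["status"] <= 599:
            counts[rec["ip"]] += 1
    return dict(counts)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("bursts:", find_bursts(lines))
    print("5xx per source:", server_error_counts(lines))
```

The burst detector is tuned with a threshold and window that suit ordinary partner traffic on your gateway; a single crafted request that crashes the application will not trip it, which is why the 5xx count is kept as the second signal: whichever source is associated with the first 502 after a healthy period is the one to investigate, and the crash itself should be confirmed from the application's own process or restart records.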

Priority Score

38 (scale: Low / Medium / High / Critical)
Components: KEV 0, EPSS +0.1, CVSS +38, POC 0


CVE-2025-14031 vulnerability details – vuln.today
