Sterling B2B Integrator EUVD-2025-208811

CVE-2025-14031 HIGH
Command Injection (CWE-77)
2026-03-17 ibm
7.5
CVSS 3.1 · NVD
Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 17, 2026 - 23:02 (euvd), EUVD-2025-208811
Analysis Generated: Mar 17, 2026 - 23:02 (vuln.today)
Patch released: Mar 17, 2026 - 23:02 (nvd), Patch available
CVE Published: Mar 17, 2026 - 22:41 (nvd), HIGH 7.5

Description (CVE.org)

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.

Analysis (AI)

IBM Sterling B2B Integrator and IBM Sterling File Gateway contain a denial-of-service vulnerability that allows an unauthenticated remote attacker to crash the application by sending a specially crafted request. The vulnerability affects multiple versions of both products (ranges spanning 6.1.0.0 through 6.2.2.0) and has a high CVSS score of 7.5 because it is exploitable over the network with no authentication or user interaction. A patch is available from IBM, and there is no indication of active exploitation in the wild or of a public proof of concept at this time.

Technical Context (AI)

This vulnerability affects IBM Sterling B2B Integrator and IBM Sterling File Gateway, enterprise-class integration and file transfer platforms commonly used for EDI and B2B communications. The affected CPE (cpe:2.3:a:ibm:sterling_b2b_integrator) covers versions spanning 6.1.0.0 through 6.2.2.0 across multiple patch levels. The root cause is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command), suggesting the application fails to properly sanitize or validate input that may be interpreted as commands or control characters, leading to application crashes when malformed requests are processed. This type of vulnerability typically occurs when user-supplied data is incorporated into system commands or API calls without adequate validation or escaping.

Remediation (AI)

Apply the security patches provided by IBM for the affected versions of Sterling B2B Integrator and Sterling File Gateway as detailed in the vendor advisory at https://www.ibm.com/support/pages/node/7266520. Organizations should prioritize patching internet-facing instances and systems handling critical business integration workflows. As an interim mitigation measure until patching can be completed, consider implementing network-level protections such as Web Application Firewall (WAF) rules to detect and block malformed requests, restricting access to the application to trusted IP ranges via firewall rules, and implementing rate limiting to reduce the impact of potential denial-of-service attempts. Monitor application logs for unusual request patterns or crashes that may indicate exploitation attempts.