CVE-2025-1349

Published Jun 18, 2025

Last updated 24 days ago

CVSS medium 5.5

Overview

Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source
psirt@us.ibm.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

psirt@us.ibm.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-1349 Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator and File Gateway https://t.co/3og0VJIg5b

    @VulmonFeeds

    18 Jun 2025

    116 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.