CVE-2025-1348
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-07-25
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| ibm | sterling_b2b_integrator | From 6.0.0.0 (inc) to 6.1.2.7 (exc) |
| ibm | sterling_b2b_integrator | From 6.2 (inc) to 6.2.0.5 (exc) |
| ibm | sterling_file_gateway | From 6.0.0.0 (inc) to 6.1.2.7 (exc) |
| ibm | sterling_file_gateway | From 6.2.0.0 (inc) to 6.2.0.5 (exc) |
| ibm | aix | * |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-525 | The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability, identified as CVE-2025-1348, affects IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4. It is caused by improper cache management where the products do not implement a suitable caching policy. This flaw allows a local user to access sensitive information stored in a user's web browser cache, potentially exposing confidential data. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is limited to confidentiality, as a local attacker could obtain sensitive information from the web browser cache of a user. It does not affect integrity or availability. The vulnerability requires local access, has low attack complexity, and does not require privileges or user interaction. Therefore, if exploited, sensitive data could be exposed to unauthorized local users. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the specific APAR IT47666 fixes and upgrade affected IBM Sterling B2B Integrator and IBM Sterling File Gateway versions as follows: for versions 6.0.0.0 through 6.1.2.6, upgrade to 6.1.2.7, 6.2.0.5, or 6.2.1.0; for versions 6.2.0.0 through 6.2.0.4, upgrade to 6.2.0.5 or 6.2.1.0. The fixed versions are available on IBM Fix Central for IIM versions and via the IBM Entitled Registry for container versions. No workarounds or other mitigations are provided. [1]