CVE-2025-14115
Unknown Unknown - Not Provided
Hard-Coded Credentials in IBM Sterling Connect:Direct UNIX

Publication date: 2026-01-20

Last updated on: 2026-01-20

Assigner: IBM Corporation

Description
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-01-20
Generated
2026-06-16
AI Q&A
2026-01-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14115
EUVD
EUVD-2026-3421
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ibm sterling_connect From 6.3.0.0 (inc) to 6.3.0.6 (inc)
ibm sterling_connect From 6.4.0.0 (inc) to 6.4.0.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2025-14115, affects IBM Sterling Connect:Direct for UNIX Container versions 6.3.0.0 through 6.3.0.6 Interim Fix 016 and 6.4.0.0 through 6.4.0.3 Interim Fix 019. It involves hard-coded credentials, such as passwords or cryptographic keys, embedded within the product. These credentials are used internally for inbound authentication, outbound communication with external components, or encryption of internal data. The presence of hard-coded credentials is classified as CWE-798 (Use of Hard-coded Credentials). The vulnerability allows a local attacker to exploit these credentials with low attack complexity and no privileges or user interaction required, potentially compromising confidentiality, integrity, and availability of the system. The issue is fixed by removing hard-coded credentials and replacing them with dynamically generated credentials during container initialization. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can have a high impact on your system's confidentiality, integrity, and availability. Because the product uses hard-coded credentials for authentication, communication, and encryption, an attacker with local access could exploit these credentials to gain unauthorized access, manipulate data, or disrupt services. The CVSS score of 8.4 indicates a severe risk, meaning that exploitation could lead to significant compromise of sensitive information and system operations. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade IBM Sterling Connect:Direct for UNIX Container to the fixed versions. For 6.3.x versions, apply 6.3.0.6_iFix017 (APAR IT48880), and for 6.4.x versions, apply 6.4.0.4 (APAR IT48880). IBM strongly recommends upgrading to these fixed versions as no workarounds or mitigations are provided. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14115. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart