CVE-2025-14115
Hard-Coded Credentials in IBM Sterling Connect:Direct UNIX
Publication date: 2026-01-20
Last updated on: 2026-01-20
Assigner: IBM Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | sterling_connect | From 6.3.0.0 (inc) to 6.3.0.6 (inc) |
| ibm | sterling_connect | From 6.4.0.0 (inc) to 6.4.0.3 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability, identified as CVE-2025-14115, affects IBM Sterling Connect:Direct for UNIX Container versions 6.3.0.0 through 6.3.0.6 Interim Fix 016 and 6.4.0.0 through 6.4.0.3 Interim Fix 019. It involves hard-coded credentials, such as passwords or cryptographic keys, embedded within the product. These credentials are used internally for inbound authentication, outbound communication with external components, or encryption of internal data. The presence of hard-coded credentials is classified as CWE-798 (Use of Hard-coded Credentials). The vulnerability allows a local attacker to exploit these credentials with low attack complexity and no privileges or user interaction required, potentially compromising confidentiality, integrity, and availability of the system. The issue is fixed by removing hard-coded credentials and replacing them with dynamically generated credentials during container initialization. [1]
How can this vulnerability impact me?
This vulnerability can have a high impact on your system's confidentiality, integrity, and availability. Because the product uses hard-coded credentials for authentication, communication, and encryption, an attacker with local access could exploit these credentials to gain unauthorized access, manipulate data, or disrupt services. The CVSS score of 8.4 indicates a severe risk, meaning that exploitation could lead to significant compromise of sensitive information and system operations. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade IBM Sterling Connect:Direct for UNIX Container to the fixed versions. For 6.3.x versions, apply 6.3.0.6_iFix017 (APAR IT48880), and for 6.4.x versions, apply 6.4.0.4 (APAR IT48880). IBM strongly recommends upgrading to these fixed versions as no workarounds or mitigations are provided. [1]