SecuriTricks - CVE-2025-33014

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

Product(s) Impacted

Vendor	Product	Versions
Ibm	Sterling B2b Integrator Sterling File Gateway	6.0.0.0-6.1.2.7, 6.2.0.0-6.2.0.4 6.0.0.0-6.1.2.7, 6.2.0.0-6.2.0.4

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1022

Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	ibm	sterling_b2b_integrator	6.0.0.0-6.1.2.7	/	/	/	/	/	/	/
a	ibm	sterling_b2b_integrator	6.2.0.0-6.2.0.4	/	/	/	/	/	/	/
a	ibm	sterling_file_gateway	6.0.0.0-6.1.2.7	/	/	/	/	/	/	/
a	ibm	sterling_file_gateway	6.2.0.0-6.2.0.4	/	/	/	/	/	/	/

References

https://www.ibm.com/support/pages/node/7240065

CVSS Score

5.4 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

View Vector String

Timeline

Published: July 18, 2025, 7:15 p.m.
Last Modified: July 18, 2025, 7:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@us.ibm.com

CVE-2025-33014