Cyber Resilience

CVE-2025-14031

HighRCE

Published: 17 March 2026

Published
17 March 2026
Modified
19 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0011 28.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-14031 is a high-severity Command Injection (CWE-77) vulnerability in Ibm Sterling B2B Integrator. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-14031 affects IBM Sterling B2B Integrator and IBM Sterling File Gateway in versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0. The vulnerability enables an unauthenticated attacker to send a specially crafted request that causes the application to crash, classified under CWE-77 (Command Injection) with limited additional details from NVD-CWE-noinfo. It carries a CVSS v3.1 base score of 7.5, reflecting network accessibility, low attack complexity, no privileges or user interaction required, unscoped impact, and high availability disruption with no confidentiality or integrity effects.

Any unauthenticated attacker with network access to the vulnerable application can exploit this issue remotely. Exploitation involves sending a malicious request that triggers the crash, leading to a denial-of-service condition where the application becomes unavailable. No authentication, privileges, or user involvement is needed, making it straightforward for remote adversaries to repeatedly disrupt services.

IBM provides mitigation guidance and patch information in its security advisory at https://www.ibm.com/support/pages/node/7266520. Security practitioners should review this reference for version-specific fixes and apply them promptly to affected installations.

EU & UK References

Vulnerability details

IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

Remote unauthenticated command injection on public-facing app directly enables exploitation (T1190) resulting in application crash/DoS (T1499).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1264Same product: Ibm Sterling B2B Integrator
CVE-2025-36368Same product: Ibm Sterling B2B Integrator
CVE-2024-31903Same product: Ibm Sterling B2B Integrator
CVE-2023-38739Same product: Ibm Sterling B2B Integrator
CVE-2023-50316Same product: Ibm Sterling B2B Integrator
CVE-2025-10035Same product class: managed file transfer
CVE-2023-49886Same vendor: Ibm
CVE-2026-8486Same product class: managed file transfer
CVE-2024-39750Same vendor: Ibm
CVE-2026-9170Same vendor: Ibm

Affected Assets

ibm
sterling b2b integrator
6.2.2.0 · 6.1.0.0 — 6.1.2.8 · 6.2.0.0 — 6.2.0.5_2 · 6.2.1.0 — 6.2.1.1_2
ibm
sterling file gateway
6.2.2.0 · 6.1.0.0 — 6.1.2.8 · 6.2.0.0 — 6.2.0.5_2 · 6.2.1.0 — 6.2.1.1_2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the command injection vulnerability through patching as provided in IBM's security advisory, eliminating the root cause of the application crash.

prevent

Mandates validation of information inputs to prevent specially crafted requests from triggering command injection and subsequent application crashes.

preventdetect

Implements denial-of-service protections at system entry points to block or limit unauthenticated crafted requests that cause availability disruptions.

References