CVE-2025-2827

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7239094	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:sterling_file_gateway::::::::
	cpe:2.3:a:ibm:sterling_file_gateway::::::::

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

02 Aug 2025, 01:22

Type	Values Removed	Values Added
Summary		(es) IBM Sterling File Gateway 6.0.0.0 a 6.1.2.6 y 6.2.0.0 a 6.2.0.4 podrían revelar información confidencial del directorio de instalación a un usuario autenticado que podría usarse en futuros ataques contra el sistema.
First Time		Microsoft Ibm Ibm aix Linux Ibm sterling File Gateway Microsoft windows Linux linux Kernel
References	~~() https://www.ibm.com/support/pages/node/7239094 -~~	() https://www.ibm.com/support/pages/node/7239094 - Vendor Advisory
CPE		cpe:2.3:a:ibm:sterling_file_gateway:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*

08 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 15:15

Updated : 2025-08-02 01:22

NVD link : CVE-2025-2827

Mitre link : CVE-2025-2827

CVE.ORG link : CVE-2025-2827

JSON object : View

Products Affected

ibm

aix
sterling_file_gateway

linux

linux_kernel

microsoft

windows

CWE

CWE-548

Exposure of Information Through Directory Listing

{"id": "CVE-2025-2827", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-08T15:15:27.190", "references": [{"url": "https://www.ibm.com/support/pages/node/7239094", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-548"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\n\n\n\n\ncould disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system."}, {"lang": "es", "value": "IBM Sterling File Gateway 6.0.0.0 a 6.1.2.6 y 6.2.0.0 a 6.2.0.4 podr\u00edan revelar informaci\u00f3n confidencial del directorio de instalaci\u00f3n a un usuario autenticado que podr\u00eda usarse en futuros ataques contra el sistema."}], "lastModified": "2025-08-02T01:22:49.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAE0FFB5-51B7-4D89-8AA5-BC60A848AEE4", "versionEndExcluding": "6.1.2.7_1", "versionStartIncluding": "6.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94A1DFAD-FD8B-4BA3-AC05-645E53676463", "versionEndExcluding": "6.2.0.5", "versionStartIncluding": "6.2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}