CVE-2025-2827

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7239094	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:sterling_file_gateway::::::::
	cpe:2.3:a:ibm:sterling_file_gateway::::::::

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

02 Aug 2025, 01:22

Type	Values Removed	Values Added
References	~~() https://www.ibm.com/support/pages/node/7239094 -~~	() https://www.ibm.com/support/pages/node/7239094 - Vendor Advisory
CPE		cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:a:ibm:sterling_file_gateway:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
First Time		Ibm aix Linux Microsoft Ibm Microsoft windows Ibm sterling File Gateway Linux linux Kernel

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 15:15

Updated : 2025-08-02 01:22

NVD link : CVE-2025-2827

Mitre link : CVE-2025-2827

CVE.ORG link : CVE-2025-2827

JSON object : View

Products Affected

microsoft

windows

ibm

sterling_file_gateway
aix

linux

linux_kernel

CWE

CWE-548

Exposure of Information Through Directory Listing

{"id": "CVE-2025-2827", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-08T15:15:27.190", "references": [{"url": "https://www.ibm.com/support/pages/node/7239094", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-548"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\n\n\n\n\ncould disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system."}, {"lang": "es", "value": "IBM Sterling File Gateway 6.0.0.0 a 6.1.2.6 y 6.2.0.0 a 6.2.0.4 podr\u00edan revelar informaci\u00f3n confidencial del directorio de instalaci\u00f3n a un usuario autenticado que podr\u00eda usarse en futuros ataques contra el sistema."}], "lastModified": "2025-08-02T01:22:49.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAE0FFB5-51B7-4D89-8AA5-BC60A848AEE4", "versionEndExcluding": "6.1.2.7_1", "versionStartIncluding": "6.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94A1DFAD-FD8B-4BA3-AC05-645E53676463", "versionEndExcluding": "6.2.0.5", "versionStartIncluding": "6.2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}