Details of VAR-202507-2600

ID

VAR-202507-2600

CVE

CVE-2025-2827

TITLE

IBM of IBM Sterling File Gateway Directory listing information disclosure vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-010572

DESCRIPTION

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. Attackers can exploit this vulnerability to obtain sensitive path information of the system and then plan further attacks against the system

Trust: 2.16

sources: NVD: CVE-2025-2827 // JVNDB: JVNDB-2025-010572 // CNVD: CNVD-2025-16976

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16976

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	6.0.0.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	lt	version:	6.1.2.7_1	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	lt	version:	6.2.0.5	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	6.2.0.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	6.0.0.0 that's all 6.1.2.7 1	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	6.2.0.0 that's all 6.2.0.5	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	6.0.0.0,<=6.1.2.6	Trust: 0.6
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	6.2.0.0,<=6.2.0.4	Trust: 0.6

sources: CNVD: CNVD-2025-16976 // JVNDB: JVNDB-2025-010572 // NVD: CVE-2025-2827

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@us.ibm.com:	CVE-2025-2827
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-010572
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-16976
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-16976
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@us.ibm.com:	CVE-2025-2827
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-010572
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-16976 // JVNDB: JVNDB-2025-010572 // NVD: CVE-2025-2827

PROBLEMTYPE DATA

problemtype:	CWE-548	Trust: 1.0
problemtype:	Information disclosure through directory listings (CWE-548) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-010572 // NVD: CVE-2025-2827

PATCH

title:	7239094	url:	https://www.ibm.com/support/pages/node/7239094	Trust: 0.8
title:	Patch for IBM Sterling File Gateway Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/709206	Trust: 0.6

sources: CNVD: CNVD-2025-16976 // JVNDB: JVNDB-2025-010572

EXTERNAL IDS

db:	NVD	id:	CVE-2025-2827	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-010572	Trust: 0.8
db:	CNVD	id:	CNVD-2025-16976	Trust: 0.6

sources: CNVD: CNVD-2025-16976 // JVNDB: JVNDB-2025-010572 // NVD: CVE-2025-2827

REFERENCES

url:	https://www.ibm.com/support/pages/node/7239094	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2025-2827	Trust: 0.8

sources: CNVD: CNVD-2025-16976 // JVNDB: JVNDB-2025-010572 // NVD: CVE-2025-2827

SOURCES

db:	CNVD	id:	CNVD-2025-16976
db:	JVNDB	id:	JVNDB-2025-010572
db:	NVD	id:	CVE-2025-2827

LAST UPDATE DATE

2025-08-06T23:03:38.358000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-16976	date:	2025-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2025-010572	date:	2025-08-05T00:48:00
db:	NVD	id:	CVE-2025-2827	date:	2025-08-02T01:22:49.957

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-16976	date:	2025-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2025-010572	date:	2025-08-05T00:00:00
db:	NVD	id:	CVE-2025-2827	date:	2025-07-08T15:15:27.190