IBM Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-14115
IBM Sterling Connect:Direct for UNIX Container Versions: 6.3.0.0 or later and 6.3.0.6_iFix016 or earlier
IBM Sterling Connect:Direct for UNIX Container Versions: 6.4.0.0 or later and 6.4.0.3_iFix019 or earlier
CVE-2025-36418
IBM ApplinX Version: 11.1
Resolved Vulnerabilities
Hardcoded credential vulnerability in IBM Sterling Connect:Direct for UNIX Container (CVE-2025-14115)
Privilege escalation vulnerability due to lack of JWT token validation in IBM ApplinX (CVE-2025-36418)
Vulnerability Patches
Vulnerability patches are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-14115
IBM Sterling Connect:Direct for UNIX Container Version: 6.3.0.6_iFix017
IBM Sterling Connect:Direct for UNIX Container Version: 6.4.0.4
CVE-2025-36418
IBM ApplinX Version: See the referenced sites for updates [2]
References
[1] Security Bulletin: IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embodied in the product for its internal use.
https://www.ibm.com/support/pages/node/7257143
[2] Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.
https://www.ibm.com/support/pages/node/7257446