CVE-2025-2827 — Exposure of Information Through Directory Listing in IBM Sterling File Gateway

CWE-548 — Exposure of Information Through Directory Listing3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 82.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling File Gateway

Timeline

PublishedJul 8

Description

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/sterling_file_gateway6.0.0.0 — 6.1.2.7_1+1

▶CVEListV5ibm/sterling_file_gateway6.0.0.0 — 6.1.2.6+1

🔴Vulnerability Details

CVEList

IBM Sterling File Gateway information disclosure↗2025-07-08

▶

GHSA

GHSA-hrwx-69c9-h8qq: IBM Sterling File Gateway 6↗2025-07-08

▶