Vulnerability-Lookup

WID-SEC-W-2026-0352

Vulnerability from csaf_certbund - Published: 2026-02-09 23:00 - Updated: 2026-04-27 22:00

Summary

IBM DB2: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen und vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2025-13867

Affected products

Known affected 4 products

Product	Identifier	Version
IBM License Metric Tool IBM	`cpe:/a:ibm:license_metric_tool:-`	—
IBM DB2 12.1.3 Special Build #74153 IBM / DB2	`cpe:/a:ibm:db2:12.1.3_special_build_74153`	12.1.3 Special Build #74153
IBM DB2 12.1.2 Special Build #72296 IBM / DB2	`cpe:/a:ibm:db2:12.1.2_special_build_72296`	12.1.2 Special Build #72296
IBM DB2 11.5.9 Special Build #66394 IBM / DB2	`cpe:/a:ibm:db2:11.5.9_special_build_66394`	11.5.9 Special Build #66394

CVE-2025-14689

Affected products

Known affected 4 products

Product	Identifier	Version
IBM License Metric Tool IBM	`cpe:/a:ibm:license_metric_tool:-`	—
IBM DB2 12.1.3 Special Build #74153 IBM / DB2	`cpe:/a:ibm:db2:12.1.3_special_build_74153`	12.1.3 Special Build #74153
IBM DB2 12.1.2 Special Build #72296 IBM / DB2	`cpe:/a:ibm:db2:12.1.2_special_build_72296`	12.1.2 Special Build #72296
IBM DB2 11.5.9 Special Build #66394 IBM / DB2	`cpe:/a:ibm:db2:11.5.9_special_build_66394`	11.5.9 Special Build #66394

CVE-2025-36247

Affected products

Known affected 4 products

Product	Identifier	Version
IBM License Metric Tool IBM	`cpe:/a:ibm:license_metric_tool:-`	—
IBM DB2 12.1.3 Special Build #74153 IBM / DB2	`cpe:/a:ibm:db2:12.1.3_special_build_74153`	12.1.3 Special Build #74153
IBM DB2 12.1.2 Special Build #72296 IBM / DB2	`cpe:/a:ibm:db2:12.1.2_special_build_72296`	12.1.2 Special Build #72296
IBM DB2 11.5.9 Special Build #66394 IBM / DB2	`cpe:/a:ibm:db2:11.5.9_special_build_66394`	11.5.9 Special Build #66394

CVE-2025-36425

Affected products

Known affected 4 products

Product	Identifier	Version
IBM License Metric Tool IBM	`cpe:/a:ibm:license_metric_tool:-`	—
IBM DB2 12.1.3 Special Build #74153 IBM / DB2	`cpe:/a:ibm:db2:12.1.3_special_build_74153`	12.1.3 Special Build #74153
IBM DB2 12.1.2 Special Build #72296 IBM / DB2	`cpe:/a:ibm:db2:12.1.2_special_build_72296`	12.1.2 Special Build #72296
IBM DB2 11.5.9 Special Build #66394 IBM / DB2	`cpe:/a:ibm:db2:11.5.9_special_build_66394`	11.5.9 Special Build #66394

CVE-2025-13108

Affected products

Known affected 4 products

Product	Identifier	Version
IBM License Metric Tool IBM	`cpe:/a:ibm:license_metric_tool:-`	—
IBM DB2 12.1.3 Special Build #74153 IBM / DB2	`cpe:/a:ibm:db2:12.1.3_special_build_74153`	12.1.3 Special Build #74153
IBM DB2 12.1.2 Special Build #72296 IBM / DB2	`cpe:/a:ibm:db2:12.1.2_special_build_72296`	12.1.2 Special Build #72296
IBM DB2 11.5.9 Special Build #66394 IBM / DB2	`cpe:/a:ibm:db2:11.5.9_special_build_66394`	11.5.9 Special Build #66394

CVE-2025-33124

Affected products

Known affected 4 products

Product	Identifier	Version
IBM License Metric Tool IBM	`cpe:/a:ibm:license_metric_tool:-`	—
IBM DB2 12.1.3 Special Build #74153 IBM / DB2	`cpe:/a:ibm:db2:12.1.3_special_build_74153`	12.1.3 Special Build #74153
IBM DB2 12.1.2 Special Build #72296 IBM / DB2	`cpe:/a:ibm:db2:12.1.2_special_build_72296`	12.1.2 Special Build #72296
IBM DB2 11.5.9 Special Build #66394 IBM / DB2	`cpe:/a:ibm:db2:11.5.9_special_build_66394`	11.5.9 Special Build #66394

CVE-2025-33130

Affected products

Known affected 4 products

Product	Identifier	Version
IBM License Metric Tool IBM	`cpe:/a:ibm:license_metric_tool:-`	—
IBM DB2 12.1.3 Special Build #74153 IBM / DB2	`cpe:/a:ibm:db2:12.1.3_special_build_74153`	12.1.3 Special Build #74153
IBM DB2 12.1.2 Special Build #72296 IBM / DB2	`cpe:/a:ibm:db2:12.1.2_special_build_72296`	12.1.2 Special Build #72296
IBM DB2 11.5.9 Special Build #66394 IBM / DB2	`cpe:/a:ibm:db2:11.5.9_special_build_66394`	11.5.9 Special Build #66394

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7259963	external
https://www.ibm.com/support/pages/node/7259962	external
https://www.ibm.com/support/pages/node/7259961	external
https://www.ibm.com/support/pages/node/7259964	external
https://www.ibm.com/support/pages/node/7260043	external
https://www.ibm.com/support/pages/node/7270885	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0352 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0352.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0352 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0352"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7259963 vom 2026-02-09",
        "url": "https://www.ibm.com/support/pages/node/7259963"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7259962 vom 2026-02-09",
        "url": "https://www.ibm.com/support/pages/node/7259962"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7259961 vom 2026-02-09",
        "url": "https://www.ibm.com/support/pages/node/7259961"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7259964 vom 2026-02-09",
        "url": "https://www.ibm.com/support/pages/node/7259964"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7260043 vom 2026-02-09",
        "url": "https://www.ibm.com/support/pages/node/7260043"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7270885 vom 2026-04-27",
        "url": "https://www.ibm.com/support/pages/node/7270885"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-04-27T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-28T08:30:26.927+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0352",
      "initial_release_date": "2026-02-09T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-09T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-27T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.5.9 Special Build #66394",
                "product": {
                  "name": "IBM DB2 11.5.9 Special Build #66394",
                  "product_id": "T050672",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:11.5.9_special_build_66394"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.1.2 Special Build #72296",
                "product": {
                  "name": "IBM DB2 12.1.2 Special Build #72296",
                  "product_id": "T050673",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:12.1.2_special_build_72296"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.1.3 Special Build #74153",
                "product": {
                  "name": "IBM DB2 12.1.3 Special Build #74153",
                  "product_id": "T050674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:12.1.3_special_build_74153"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "category": "product_name",
            "name": "IBM License Metric Tool",
            "product": {
              "name": "IBM License Metric Tool",
              "product_id": "T016581",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:license_metric_tool:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-13867",
      "product_status": {
        "known_affected": [
          "T016581",
          "T050674",
          "T050673",
          "T050672"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-13867"
    },
    {
      "cve": "CVE-2025-14689",
      "product_status": {
        "known_affected": [
          "T016581",
          "T050674",
          "T050673",
          "T050672"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-14689"
    },
    {
      "cve": "CVE-2025-36247",
      "product_status": {
        "known_affected": [
          "T016581",
          "T050674",
          "T050673",
          "T050672"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-36247"
    },
    {
      "cve": "CVE-2025-36425",
      "product_status": {
        "known_affected": [
          "T016581",
          "T050674",
          "T050673",
          "T050672"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-36425"
    },
    {
      "cve": "CVE-2025-13108",
      "product_status": {
        "known_affected": [
          "T016581",
          "T050674",
          "T050673",
          "T050672"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-13108"
    },
    {
      "cve": "CVE-2025-33124",
      "product_status": {
        "known_affected": [
          "T016581",
          "T050674",
          "T050673",
          "T050672"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-33124"
    },
    {
      "cve": "CVE-2025-33130",
      "product_status": {
        "known_affected": [
          "T016581",
          "T050674",
          "T050673",
          "T050672"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-33130"
    }
  ]
}

CVE-2025-13108 (GCVE-0-2025-13108)

Vulnerability from cvelistv5 – Published: 2026-02-17 19:11 – Updated: 2026-02-26 21:42

Title

Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows

Summary

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-226 - Sensitive Information in Resource Not Removed Before Reuse

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7260043	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	DB2 Merge Backup for Linux, UNIX and Windows	Affected: 12.1.0.0 , ≤ 2.1.0 (semver) cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13108",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T19:52:07.537801Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-226",
                "description": "CWE-226 Sensitive Information in Resource Not Removed Before Reuse",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T21:42:41.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
          ],
          "product": "DB2 Merge Backup for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "12.1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.\u003c/p\u003e"
            }
          ],
          "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T19:11:18.442Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7260043"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
            }
          ],
          "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
        }
      ],
      "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13108",
    "datePublished": "2026-02-17T19:11:18.442Z",
    "dateReserved": "2025-11-12T22:27:04.622Z",
    "dateUpdated": "2026-02-26T21:42:41.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13867 (GCVE-0-2025-13867)

Vulnerability from cvelistv5 – Published: 2026-02-17 17:13 – Updated: 2026-02-17 19:34

Title

IBM Db2 Denial of Service

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7259963	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	Db2 for Linux, UNIX and Windows	Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:11.5.0:::::linux:: cpe:2.3:a:ibm:db2:11.5.0:::::unix:: cpe:2.3:a:ibm:db2:11.5.0:::::aix:: cpe:2.3:a:ibm:db2:11.5.0:::::windows:: cpe:2.3:a:ibm:db2:11.5.0:::::zos:: cpe:2.3:a:ibm:db2:11.5.9:::::linux:: cpe:2.3:a:ibm:db2:11.5.9:::::unix:: cpe:2.3:a:ibm:db2:11.5.9:::::aix:: cpe:2.3:a:ibm:db2:11.5.9:::::windows:: cpe:2.3:a:ibm:db2:11.5.9:::::zos:: cpe:2.3:a:ibm:db2:12.1.0:::::linux:: cpe:2.3:a:ibm:db2:12.1.0:::::unix:: cpe:2.3:a:ibm:db2:12.1.0:::::aix:: cpe:2.3:a:ibm:db2:12.1.0:::::windows:: cpe:2.3:a:ibm:db2:12.1.0:::::zos:: cpe:2.3:a:ibm:db2:12.1.3:::::linux:: cpe:2.3:a:ibm:db2:12.1.3:::::unix:: cpe:2.3:a:ibm:db2:12.1.3:::::aix:: cpe:2.3:a:ibm:db2:12.1.3:::::windows:: cpe:2.3:a:ibm:db2:12.1.3:::::zos::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T19:32:04.021512Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T19:34:24.825Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:zos:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Db2 for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.5.9",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.1.3",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through\u0026nbsp;11.5.9 and\u0026nbsp;12.1.0 through\u0026nbsp;12.1.3\u0026nbsp;could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic\u003c/p\u003e"
            }
          ],
          "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through\u00a011.5.9 and\u00a012.1.0 through\u00a012.1.3\u00a0could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T17:16:17.979Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259963"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000007PT7/dt455798\"\u003eDT455798\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eSpecial Build #66394 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000007PT7/dt455798\"\u003eDT455798\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #72296 or later for V12.1.2 available at this link:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eSpecial Build #74153 or later for V12.1.3 available at this link:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Customers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\u00a0\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 V12.1\n\n\u00a0\n\nTBD\n\n\u00a0\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\nSpecial Build #74153 or later for V12.1.3 available at this link:\n https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13867",
    "datePublished": "2026-02-17T17:13:00.450Z",
    "dateReserved": "2025-12-02T01:53:24.494Z",
    "dateUpdated": "2026-02-17T19:34:24.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14689 (GCVE-0-2025-14689)

Vulnerability from cvelistv5 – Published: 2026-02-17 17:12 – Updated: 2026-02-17 18:34

Title

IBM Db2 Denial of Service

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7259964	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	Db2 for Linux, UNIX and Windows	Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:12.1.0:::::aix:: cpe:2.3:a:ibm:db2:12.1.3:::::aix::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14689",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T18:34:13.380046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T18:34:26.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:aix:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Db2 for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "12.1.3",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T17:16:02.570Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259964"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers running any vulnerable modpack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008A0b/dt457502\"\u003eDT457502\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #72296 or later for V12.1.2 available at this link:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eSpecial Build #74153 or later for V12.1.3 available at this link:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Customers running any vulnerable modpack level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\u00a0\n\nReleaseFixed in mod packAPARDownload URLV12.1\n\n\u00a0\n\nTBD\n\n\u00a0\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\nSpecial Build #74153 or later for V12.1.3 available at this link:\n https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-14689",
    "datePublished": "2026-02-17T17:12:56.185Z",
    "dateReserved": "2025-12-14T03:23:15.333Z",
    "dateUpdated": "2026-02-17T18:34:26.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-33124 (GCVE-0-2025-33124)

Vulnerability from cvelistv5 – Published: 2026-02-17 19:13 – Updated: 2026-02-17 19:51

Title

Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows

Summary

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-131 - Incorrect Calculation of Buffer Size

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7260043	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	DB2 Merge Backup for Linux, UNIX and Windows	Affected: 12.1.0.0 , ≤ 2.1.0 (semver) cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33124",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T19:51:14.970177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T19:51:24.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
          ],
          "product": "DB2 Merge Backup for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "12.1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.\u003c/p\u003e"
            }
          ],
          "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T19:13:21.530Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7260043"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
            }
          ],
          "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
        }
      ],
      "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-33124",
    "datePublished": "2026-02-17T19:13:21.530Z",
    "dateReserved": "2025-04-15T17:50:56.613Z",
    "dateUpdated": "2026-02-17T19:51:24.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-33130 (GCVE-0-2025-33130)

Vulnerability from cvelistv5 – Published: 2026-02-17 19:14 – Updated: 2026-02-17 19:50

Title

Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows

Summary

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7260043	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	DB2 Merge Backup for Linux, UNIX and Windows	Affected: 12.1.0.0 , ≤ 2.1.0 (semver) cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T19:50:18.284060Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T19:50:33.125Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2_merge_backup_for_linux_unix_and_windows:12.1.0.0:*:*:*:*:*:*:*"
          ],
          "product": "DB2 Merge Backup for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "12.1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.\u003c/p\u003e"
            }
          ],
          "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T19:14:58.095Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7260043"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePlease download and install Interim Fix 12.1.0.0.1 from Fix Central\u003c/p\u003e"
            }
          ],
          "value": "Please download and install Interim Fix 12.1.0.0.1 from Fix Central"
        }
      ],
      "title": "Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-33130",
    "datePublished": "2026-02-17T19:14:48.468Z",
    "dateReserved": "2025-04-15T17:51:11.506Z",
    "dateUpdated": "2026-02-17T19:50:33.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36247 (GCVE-0-2025-36247)

Vulnerability from cvelistv5 – Published: 2026-02-17 17:13 – Updated: 2026-02-17 19:21

Title

IBM Db2 XML External Entity Reference

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7259961	patchvendor-advisory

Impacted products

1 product

Vendor	Product	Version
IBM	Db2 for Linux, UNIX and Windows	Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:11.5.0:::::linux:: cpe:2.3:a:ibm:db2:11.5.0:::::unix:: cpe:2.3:a:ibm:db2:11.5.0:::::aix:: cpe:2.3:a:ibm:db2:11.5.0:::::windows:: cpe:2.3:a:ibm:db2:11.5.0:::::zos:: cpe:2.3:a:ibm:db2:11.5.9:::::linux:: cpe:2.3:a:ibm:db2:11.5.9:::::unix:: cpe:2.3:a:ibm:db2:11.5.9:::::aix:: cpe:2.3:a:ibm:db2:11.5.9:::::windows:: cpe:2.3:a:ibm:db2:11.5.9:::::zos:: cpe:2.3:a:ibm:db2:12.1.0:::::linux:: cpe:2.3:a:ibm:db2:12.1.0:::::unix:: cpe:2.3:a:ibm:db2:12.1.0:::::aix:: cpe:2.3:a:ibm:db2:12.1.0:::::windows:: cpe:2.3:a:ibm:db2:12.1.0:::::zos:: cpe:2.3:a:ibm:db2:12.1.3:::::linux:: cpe:2.3:a:ibm:db2:12.1.3:::::unix:: cpe:2.3:a:ibm:db2:12.1.3:::::aix:: cpe:2.3:a:ibm:db2:12.1.3:::::windows:: cpe:2.3:a:ibm:db2:12.1.3:::::zos::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36247",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T19:10:18.217073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T19:21:41.367Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:zos:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Db2 for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.5.9",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.1.3",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\u003c/p\u003e"
            }
          ],
          "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T17:17:13.843Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "patch",
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259961"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000004glR/dt449252\"\u003eDT449252\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #66394 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000004glR/dt449252\"\u003eDT449252\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #72296 or later for V12.1.2 available at this link:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eSpecial Build #74153 or later for V12.1.3 available at this link:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Customers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\u00a0\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\nV12.1\n\n\u00a0\n\nTBD\n\n\u00a0\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\nSpecial Build #74153 or later for V12.1.3 available at this link:\n https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 XML External Entity Reference",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36247",
    "datePublished": "2026-02-17T17:13:06.775Z",
    "dateReserved": "2025-04-15T21:16:43.936Z",
    "dateUpdated": "2026-02-17T19:21:41.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-36425 (GCVE-0-2025-36425)

Vulnerability from cvelistv5 – Published: 2026-02-17 17:13 – Updated: 2026-02-17 19:31

Title

IBM Db2 Information Disclosure

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-256

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7259962	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	Db2 for Linux, UNIX and Windows	Affected: 11.5.0 , ≤ 11.5.9 (semver) Affected: 12.1.0 , ≤ 12.1.3 (semver) cpe:2.3:a:ibm:db2:11.5.0:::::linux:: cpe:2.3:a:ibm:db2:11.5.0:::::unix:: cpe:2.3:a:ibm:db2:11.5.0:::::aix:: cpe:2.3:a:ibm:db2:11.5.0:::::windows:: cpe:2.3:a:ibm:db2:11.5.0:::::zos:: cpe:2.3:a:ibm:db2:11.5.9:::::linux:: cpe:2.3:a:ibm:db2:11.5.9:::::unix:: cpe:2.3:a:ibm:db2:11.5.9:::::aix:: cpe:2.3:a:ibm:db2:11.5.9:::::windows:: cpe:2.3:a:ibm:db2:11.5.9:::::zos:: cpe:2.3:a:ibm:db2:12.1.0:::::linux:: cpe:2.3:a:ibm:db2:12.1.0:::::unix:: cpe:2.3:a:ibm:db2:12.1.0:::::aix:: cpe:2.3:a:ibm:db2:12.1.0:::::windows:: cpe:2.3:a:ibm:db2:12.1.0:::::zos:: cpe:2.3:a:ibm:db2:12.1.3:::::linux:: cpe:2.3:a:ibm:db2:12.1.3:::::unix:: cpe:2.3:a:ibm:db2:12.1.3:::::aix:: cpe:2.3:a:ibm:db2:12.1.3:::::windows:: cpe:2.3:a:ibm:db2:12.1.3:::::zos::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T19:30:32.112422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T19:31:31.869Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:linux:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:zos:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Db2 for Linux, UNIX and Windows",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.5.9",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.1.3",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.\u003c/p\u003e"
            }
          ],
          "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T17:16:33.101Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259962"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000006gnl/dt454069\"\u003eDT454069\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #66394 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7087189\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000006gnl/dt454069\"\u003eDT454069\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #72296 or later for V12.1.2 available at this link:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eSpecial Build #74153 or later for V12.1.3 available at this link:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\"\u003ehttps://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Customers running any vulnerable modpack level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\u00a0\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\nV12.1\n\n\u00a0\n\nTBD\n\n\u00a0\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\nSpecial Build #74153 or later for V12.1.3 available at this link:\n https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 Information Disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36425",
    "datePublished": "2026-02-17T17:13:03.635Z",
    "dateReserved": "2025-04-15T21:17:02.754Z",
    "dateUpdated": "2026-02-17T19:31:31.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0352

CVE-2025-13108 (GCVE-0-2025-13108)

CVE-2025-13867 (GCVE-0-2025-13867)

CVE-2025-14689 (GCVE-0-2025-14689)

CVE-2025-33124 (GCVE-0-2025-33124)

CVE-2025-33130 (GCVE-0-2025-33130)

CVE-2025-36247 (GCVE-0-2025-36247)

CVE-2025-36425 (GCVE-0-2025-36425)

Tags

Sightings

Nomenclature