CVE-2025-13755

Summary

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

Affected Software

VendorProductVersion RangeStatus
IBMDb211.5.0 <= 11.5.9affected
IBMDb212.1.0 <= 12.1.4affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

Workarounds

Set the diaglevel to 2, 1 or 0

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References