CVE-2025-27899

Summary

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.

Affected Software

VendorProductVersion RangeStatus
IBMDB2 Recovery Expert for LUW5.5 Interim Fix 002affected

Weaknesses

  • CWE-526: CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References