CVE-2025-33012

Summary

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

Affected Software

VendorProductVersion RangeStatus
IBMDb210.5.0 <= 10.5.11affected
IBMDb211.1.0 <= 11.1.4.7affected
IBMDb211.5.0 <= 11.5.9affected
IBMDb212.1.0 <= 12.1.3affected

Weaknesses

  • CWE-324: CWE-324 Use of a Key Past its Expiration Date

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References