CVE-2025-36425

Summary

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.

Affected Software

VendorProductVersion RangeStatus
IBMDb2 for Linux, UNIX and Windows11.5.0 <= 11.5.9affected
IBMDb2 for Linux, UNIX and Windows12.1.0 <= 12.1.3affected

Weaknesses

  • CWE-256: CWE-256

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References