CVE-2025-36247 | THREATINT

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

PUBLISHED Reserved 2025-04-15 | Published 2026-02-17 | Updated 2026-02-17 | Assigner ibm

HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Problem types

CWE-611 Improper Restriction of XML External Entity Reference

Product status

Default status

unaffected

11.5.0 (semver)

affected

12.1.0 (semver)

affected

References

www.ibm.com/support/pages/node/7259961 patch vendor-advisory

cve.org (CVE-2025-36247)

nvd.nist.gov (CVE-2025-36247)

Download JSON