CVE-2025-36425 | THREATINT

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.

PUBLISHED Reserved 2025-04-15 | Published 2026-02-17 | Updated 2026-02-17 | Assigner ibm

MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-256

Product status

Default status

unaffected

11.5.0 (semver)

affected

12.1.0 (semver)

affected

References

www.ibm.com/support/pages/node/7259962 vendor-advisory patch

cve.org (CVE-2025-36425)

nvd.nist.gov (CVE-2025-36425)

Download JSON