CVE-2025-1991

7.5 HIGH

📋 TL;DR

IBM Informix Dynamic Server contains an integer underflow vulnerability when processing network packets, allowing remote attackers to cause denial of service. This affects versions 12.10, 14.10, and 15.0 of the database server.

💻 Affected Systems

Products:
  • IBM Informix Dynamic Server
Versions: 12.10, 14.10, 15.0
Operating Systems: All supported platforms where IBM Informix runs
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of IBM Informix Dynamic Server, making the database unavailable to all applications and users.

🟠

Likely Case

Service crashes or hangs requiring manual restart, causing temporary database unavailability.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized access to database ports.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication by sending specially crafted packets to the database port.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Integer underflow vulnerabilities typically require sending malformed packets to trigger the condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes from IBM security advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7238455

Restart Required: Yes

Instructions:

1. Review IBM advisory 7238455.
2. Download the appropriate fix packs for your version.
3. Apply the patches following IBM documentation.
4. Restart the Informix services.

🔧 Temporary Workarounds

Network Access Restriction

Applies to: all platforms

Restrict network access to Informix ports to only trusted sources.

# Use firewall rules to restrict access to Informix listener ports (e.g., 9088, 9090).
# Example: allow the trusted source first, then drop everything else on that port.
iptables -A INPUT -p tcp --dport 9088 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 9088 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to Informix ports
  • Monitor for unusual traffic patterns or connection attempts to database ports

🔍 How to Verify

Check if Vulnerable:

Check the Informix version with oninit -version, or from SQL: SELECT DBINFO('version','full') FROM systables WHERE tabid=1. Any 12.10, 14.10 or 15.0 build below the fix level named in the advisory is affected.

Check Version:

oninit -version

Verify Fix Applied:

Verify version after patching and check IBM advisory for specific fix versions
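As an added example (not part of the advisory or IBM's tooling), the following Python helper parses a version banner such as the one DBINFO('version','full') returns and reports whether the server belongs to one of the affected families listed above. The banner format "IBM Informix Dynamic Server Version 14.10.FC10" and the sample values are assumed/constructed; the fix level still has to be compared by hand against the advisory, since the page does not state the fixed builds.

```python
import re

# Version families named as affected by CVE-2025-1991 on this page.
AFFECTED_FAMILIES = {"12.10", "14.10", "15.0"}

# Matches "Version <major>.<minor>[.<fix level>]"; banner layout is assumed.
VERSION_RE = re.compile(r"Version\s+(\d+)\.(\d+)\.?([A-Za-z0-9]*)")


def parse_version(banner: str):
    """Return (family, fix_level) from an Informix version banner, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, level = m.groups()
    return (f"{major}.{minor}", level)


def assess(banner: str):
    """Classify a banner as (status, family, fix_level).

    status is "unknown" when no version could be parsed,
    "affected-family" when the major.minor is listed as affected
    (fix level must still be checked against the advisory), and
    "not-affected-family" otherwise.
    """
    parsed = parse_version(banner)
    if parsed is None:
        return ("unknown", None, None)
    family, level = parsed
    if family in AFFECTED_FAMILIES:
        return ("affected-family", family, level)
    return ("not-affected-family", family, level)


if __name__ == "__main__":
    # Constructed sample banners, not output captured from a real server.
    for sample in (
        "IBM Informix Dynamic Server Version 14.10.FC10",
        "IBM Informix Dynamic Server Version 11.70.FC8",
        "no version here",
    ):
        print(sample, "->", assess(sample))
```

Feed the function the string returned by the DBINFO query (or the banner line from oninit -version) and treat "affected-family" as a prompt to look up the fixed build for that family in the advisory.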

📡 Detection & Monitoring

Log Indicators:

  • Informix service crashes or restarts
  • Error messages related to packet processing or memory issues

Network Indicators:

  • Unusual traffic patterns to Informix ports
  • Multiple connection attempts with malformed packets

SIEM Query:

source="informix.log" AND ("crash" OR "restart" OR "abnormal termination")
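The log and network indicators above, turned into a small offline check, as an added example that is not part of the original page: it applies the SIEM query's terms ("crash", "restart", "abnormal termination") plus the packet-processing/memory indicator to a few constructed log lines, and then correlates a packet-processing error with a termination or restart that follows it within a short window. The online.log line layout (HH:MM:SS followed by the message) and every sample line are assumed/constructed.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed "HH:MM:SS  message" layout.
SAMPLE_LOG = """\
12:01:03  Checkpoint Completed:  duration was 0 seconds.
12:04:17  listener thread: error in packet processing from 10.0.0.5
12:04:18  abnormal termination of oninit
12:05:02  IBM Informix Dynamic Server restart initiated
12:06:44  Checkpoint Completed:  duration was 1 seconds.
12:06:50  memory allocation failed in network buffer
"""

# Indicator patterns: the three terms from the SIEM query, plus the
# packet-processing / memory errors named under "Log Indicators".
INDICATORS = {
    "crash": re.compile(r"\bcrash", re.I),
    "restart": re.compile(r"\brestart", re.I),
    "abnormal termination": re.compile(r"abnormal termination", re.I),
    "packet processing": re.compile(r"packet processing|memory", re.I),
}

OUTAGE_KEYS = ("crash", "restart", "abnormal termination")

TS_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2})\s+(.*)$")


def scan_log(text):
    """Return [(line, [matched indicator names])] for every line that matches."""
    hits = []
    for line in text.splitlines():
        matched = [name for name, rx in INDICATORS.items() if rx.search(line)]
        if matched:
            hits.append((line, matched))
    return hits


def summarize(text):
    """Count how often each indicator fires across the log."""
    counts = Counter()
    for _, matched in scan_log(text):
        counts.update(matched)
    return counts


def parse_line(line):
    """Split a line into (seconds since midnight, message); None if no timestamp."""
    m = TS_RE.match(line)
    if not m:
        return None
    h, mi, s, msg = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s), msg


def correlate(text, window=60):
    """Pair each packet-processing error with outage events within `window` seconds after it.

    A precursor error followed shortly by a termination or restart is the
    pattern worth escalating; isolated errors are returned by scan_log only.
    """
    events = [e for e in map(parse_line, text.splitlines()) if e]
    precursors = [(t, m) for t, m in events if INDICATORS["packet processing"].search(m)]
    outages = [(t, m) for t, m in events
               if any(INDICATORS[k].search(m) for k in OUTAGE_KEYS)]
    return [(p, o) for p in precursors for o in outages if 0 <= o[0] - p[0] <= window]


if __name__ == "__main__":
    for line, matched in scan_log(SAMPLE_LOG):
        print(matched, "<-", line)
    print(summarize(SAMPLE_LOG))
    for (pt, pm), (ot, om) in correlate(SAMPLE_LOG):
        print(f"{ot - pt:>3}s after '{pm}': '{om}'")
```

Run it against an exported online.log (or the lines your SIEM returns for the query above); the correlation output is the narrow signal, while the raw counts from summarize() are noisy on any busy server and mainly useful as a baseline.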

🔗 References
