CVE-2025-33131

6.5 MEDIUM

📋 TL;DR

This vulnerability in IBM DB2 High Performance Unload allows authenticated users to trigger a stack-based buffer overflow, causing the program to crash. It affects multiple versions of the software across different release streams. Only authenticated users can exploit this vulnerability.

💻 Affected Systems

Products:
  • IBM DB2 High Performance Unload
Versions: 5.1, 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, 6.5.0.0 IF1
Operating Systems: All platforms running affected DB2 HPU versions
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable. Requires authenticated user access to the unload utility.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Potential denial of service (DoS) through program crashes, with possible escalation to arbitrary code execution if the overflow can be controlled precisely.

🟠 Likely Case

Denial of service through program crashes, disrupting database unload operations.

🟢 If Mitigated

Minimal impact if proper access controls limit authenticated users and monitoring detects abnormal crashes.

🌐 Internet-Facing: LOW - Requires authenticated access and typically runs in internal database environments.
🏢 Internal Only: MEDIUM - Authenticated internal users could disrupt database operations, but requires specific access to the unload utility.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and specific conditions to trigger the buffer overflow. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes per IBM advisory - specific fix versions vary by affected version

Vendor Advisory: https://www.ibm.com/support/pages/node/7249336

Restart Required: No

Instructions:

1. Review the IBM advisory for specific fix instructions.
2. Apply the recommended fixes or upgrades.
3. Verify the fix by testing unload operations.

🔧 Temporary Workarounds

Restrict access to DB2 HPU (applies to: all)

Limit which users can execute the High Performance Unload utility to reduce the attack surface.

Monitor for abnormal crashes (applies to: all)

Implement monitoring for unexpected termination of DB2 HPU processes.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can execute the unload utility
  • Monitor system logs for unexpected program crashes and investigate immediately

🔍 How to Verify

Check if Vulnerable:

Check the installed DB2 HPU version with 'db2hpul -v' (or the equivalent command for your platform) and compare it against the affected versions list above.

Check Version:

db2hpul -v

Verify Fix Applied:

After applying the fix, verify that the reported version has been updated and test unload operations to confirm they run to completion without crashes.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected termination of db2hpul processes
  • Core dumps or crash reports from DB2 HPU
  • Access denied errors followed by crashes

Network Indicators:

  • Unusual patterns of database unload requests from single users

SIEM Query:

process_name="db2hpul" AND event_type="process_termination" AND exit_code!=0
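The SIEM query above expressed as runnable detection logic, as an added example that is my own illustration and not code from the advisory or from IBM. It evaluates the same three conditions over constructed process-termination events, then groups the hits per user, which is the "single user" pattern the page lists under network indicators. The key=value line format, the ts/host/user fields, the 128+N exit-status convention and the per-user threshold are all assumptions of the example.

```python
"""Added example for the Detection & Monitoring section: the advisory's SIEM
query (process_name="db2hpul" AND event_type="process_termination" AND
exit_code!=0) applied to constructed log events. Not the advisory's own code."""
from collections import Counter

# Constructed sample events, not real telemetry. Field names mirror the page's
# SIEM query; 'ts', 'host' and 'user' are assumed extra fields.
SAMPLE_LOG = """\
ts=2025-06-01T10:00:01Z host=db01 user=etl_svc process_name=db2hpul event_type=process_start
ts=2025-06-01T10:00:07Z host=db01 user=etl_svc process_name=db2hpul event_type=process_termination exit_code=0
ts=2025-06-01T10:05:12Z host=db01 user=analyst7 process_name=db2hpul event_type=process_termination exit_code=139
ts=2025-06-01T10:05:40Z host=db01 user=analyst7 process_name=db2hpul event_type=process_termination exit_code=139
ts=2025-06-01T10:06:02Z host=db01 user=analyst7 process_name=db2hpul event_type=process_termination exit_code=134
ts=2025-06-01T10:07:00Z host=db02 user=backup process_name=db2 event_type=process_termination exit_code=1
"""


def parse_events(text):
    """Turn key=value log lines into dicts; values are assumed to contain no spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = {}
        for token in line.split():
            key, _, value = token.partition("=")
            fields[key] = value
        events.append(fields)
    return events


def is_abnormal_hpu_exit(event):
    """The page's SIEM query evaluated on one event.

    A termination event with no exit_code field does not match, which is how
    a field comparison behaves in most SIEMs; an unparseable exit code is
    treated as a match because it is itself worth a look."""
    if event.get("process_name") != "db2hpul":
        return False
    if event.get("event_type") != "process_termination":
        return False
    code = event.get("exit_code")
    if code is None:
        return False
    try:
        return int(code) != 0
    except ValueError:
        return True


def termination_signal(exit_code):
    """Map a shell-style exit status to the signal that killed the process.

    Assumes the 128+N convention (139 -> SIGSEGV 11, 134 -> SIGABRT 6) and
    returns None for ordinary exits. A stack-based overflow usually surfaces
    as one of these signal-driven terminations rather than a clean non-zero
    exit, so the signal is a useful triage field alongside the exit code."""
    code = int(exit_code)
    return code - 128 if code > 128 else None


def find_abnormal_terminations(events):
    """All events matching the SIEM query."""
    return [e for e in events if is_abnormal_hpu_exit(e)]


def crashes_per_user(hits):
    """Count matching terminations per user (the 'single user' indicator)."""
    return Counter(h.get("user", "<unknown>") for h in hits)


def users_over_threshold(hits, threshold=2):
    """Users whose crash count meets or exceeds the (assumed) threshold."""
    return sorted(u for u, n in crashes_per_user(hits).items() if n >= threshold)


if __name__ == "__main__":
    hits = find_abnormal_terminations(parse_events(SAMPLE_LOG))
    for h in hits:
        sig = termination_signal(h["exit_code"])
        print(f'{h["ts"]} {h["host"]} user={h["user"]} '
              f'exit_code={h["exit_code"]} signal={sig}')
    print("users over threshold:", users_over_threshold(hits))
```

The per-user grouping matters more than the raw query: a single failed unload is routine operational noise, while several signal-driven terminations of db2hpul from one account in a short window is the shape an overflow attempt would take and is what the advisory's "investigate immediately" guidance refers to.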
