CVE-2025-33132

CVSS base score: 6.5 (MEDIUM)

📋 TL;DR

IBM DB2 High Performance Unload contains a memory-safety flaw classified as CWE-467 (use of sizeof() on a pointer type): a size is computed from a pointer rather than from the object it points to, and an authenticated user can use the resulting miscalculation to crash the program. Affected versions are 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5 and 6.5.0.0 IF1. The reported impact is denial of service (program crash); the flaw cannot be triggered without authentication.
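The pattern behind CWE-467, as an added example written for this page rather than code from IBM or from DB2 High Performance Unload (whose source is not public): the record type, the copy routine and the sizes are assumptions chosen to show the class of bug, not the actual faulty code. It contrasts sizeof applied to a pointer variable with sizeof applied to the pointee, and shows why the mismatch ends in a crash rather than a silent waste of memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type standing in for whatever structure the utility
 * copies when it miscalculates a size. Assumed for this demo; not IBM's. */
typedef struct {
    char          name[32];
    long          row_count;
    unsigned char flags[16];
} unload_rec_t;

/* CWE-467 pattern: sizeof applied to the pointer variable, not the object it
 * points to. The result is the pointer width (8 bytes on LP64) no matter how
 * large the record really is. */
size_t vulnerable_alloc_size(const unload_rec_t *src)
{
    return sizeof(src);          /* BUG: size of a pointer, not of *src */
}

/* Corrected form: size of the pointee. Writing sizeof *src (or
 * sizeof(unload_rec_t)) keeps allocation and copy length in step. */
size_t fixed_alloc_size(const unload_rec_t *src)
{
    return sizeof(*src);
}

/* Why the bug crashes: copying sizeof(*src) bytes into a sizeof(src)-byte
 * heap chunk overruns the chunk and typically corrupts allocator metadata,
 * which surfaces as a crash on a later free() or malloc(). Returns how many
 * bytes would land past the end of the allocation (0 if it is big enough). */
size_t overrun_bytes(size_t alloc_len, size_t copy_len)
{
    return copy_len > alloc_len ? copy_len - alloc_len : 0;
}

/* Safe copy: allocate and copy with the same expression so the two lengths
 * cannot drift apart. The caller frees the result. */
unload_rec_t *copy_record_fixed(const unload_rec_t *src)
{
    unload_rec_t *dst = malloc(sizeof *dst);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, sizeof *dst);
    return dst;
}

int main(void)
{
    unload_rec_t rec;
    memset(&rec, 0, sizeof rec);
    strcpy(rec.name, "ORDERS");      /* constructed sample record */
    rec.row_count = 123456;

    size_t bad  = vulnerable_alloc_size(&rec);
    size_t good = fixed_alloc_size(&rec);
    printf("sizeof(pointer) = %zu, sizeof(record) = %zu, overrun = %zu bytes\n",
           bad, good, overrun_bytes(bad, good));

    unload_rec_t *copy = copy_record_fixed(&rec);
    if (copy != NULL) {
        printf("copied %s with %ld rows\n", copy->name, copy->row_count);
        free(copy);
    }
    return 0;
}
```

The memcpy that would overflow is deliberately not executed; the program only reports the size gap. When auditing native code for this class, grep for `sizeof(` applied to a variable declared as a pointer, and for `malloc(sizeof(p))` where `p` is a pointer, and compare each against the length later passed to memcpy or memset.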

💻 Affected Systems

Products:
  • IBM DB2 High Performance Unload
Versions: 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, 6.5.0.0 IF1
Operating Systems: All supported platforms for DB2 High Performance Unload
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Requires authenticated user access to trigger.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Denial of service: the DB2 High Performance Unload process crashes, disrupting database unload operations and any jobs that depend on them.

🟠 Likely Case

An authenticated user crashes the program, halting unload operations until the utility is restarted.

🟢 If Mitigated

Minimal impact once access is restricted to the administrators who need the utility and crashes are monitored so that service disruptions are noticed quickly.

🌐 Internet-Facing: LOW. Exploitation requires authenticated access, and the utility is typically not exposed directly to the internet.
🏢 Internal Only: MEDIUM. Internal authenticated users could disrupt database unload operations, but only users who already hold access to the utility can trigger the crash.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and specific conditions to trigger the pointer miscalculation. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as specified in IBM advisory 7249336

Vendor Advisory: https://www.ibm.com/support/pages/node/7249336

Restart Required: No

Instructions:

1. Review IBM advisory 7249336.
2. Download the fix that matches your installed version.
3. Apply the fix following IBM's installation procedures.
4. Verify that the fix was applied successfully (see "How to Verify" below).

🔧 Temporary Workarounds

Restrict user access (all platforms)

Limit authenticated user access to DB2 High Performance Unload to only the administrative users who need it.

Monitor for crashes (all platforms)

Implement monitoring for DB2 High Performance Unload process crashes and restart the utility automatically.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can access DB2 High Performance Unload
  • Monitor system logs for crash events and implement automated alerting for service disruptions

🔍 How to Verify

Check if Vulnerable:

Check installed version of DB2 High Performance Unload against affected version list

Check Version:

Run db2hpuf -v, or inspect the installation directory for version information, and compare the result with the affected version list above.

Verify Fix Applied:

After applying the IBM fix, re-check the installed version and confirm it is no longer one of the affected versions listed above.

📡 Detection & Monitoring

Log Indicators:

  • DB2 High Performance Unload process crashes
  • Unexpected termination of db2hpuf processes
  • Error logs indicating memory access violations

Network Indicators:

  • Unusual patterns of authenticated user access to DB2 HPU services

SIEM Query:

source="db2_logs" AND ("crash" OR "terminated" OR "segmentation fault") AND process="db2hpuf"
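The same detection logic as the SIEM query above, written here as an added example for this page (not IBM's code and not part of the advisory) so it can be run offline against a log extract: a line counts as an indicator when it names the db2hpuf process and carries one of the query's crash keywords. The log lines are constructed for the demo and are not real DB2 HPU output; the message formats are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive substring test (strcasestr is not in ISO C). */
static int contains_ci(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n)
            return 1;
    }
    return 0;
}

/* Mirrors the SIEM query: process must be db2hpuf AND the line must contain
 * one of the crash keywords from the query. */
int line_is_hpu_crash(const char *line)
{
    static const char *const keywords[] = { "crash", "terminated", "segmentation fault" };
    size_t k;

    if (!contains_ci(line, "db2hpuf"))
        return 0;
    for (k = 0; k < sizeof keywords / sizeof keywords[0]; k++)
        if (contains_ci(line, keywords[k]))
            return 1;
    return 0;
}

/* Counts indicator lines in a newline-separated log buffer. */
int count_hpu_crash_lines(const char *log)
{
    int hits = 0;
    const char *p = log;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (line_is_hpu_crash(line))
            hits++;
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return hits;
}

/* Constructed sample log: two genuine crash indicators, one normal db2hpuf
 * message, one "terminated" line from an unrelated process, one completion. */
static const char SAMPLE_LOG[] =
    "Jun 03 10:14:02 dbhost db2hpuf[4172]: unload of DB2PROD.ORDERS started by user dba1\n"
    "Jun 03 10:14:09 dbhost kernel: db2hpuf[4172]: Segmentation fault (core dumped)\n"
    "Jun 03 10:20:41 dbhost db2hpuf[4180]: process terminated unexpectedly\n"
    "Jun 03 10:21:00 dbhost sshd[991]: session terminated for user dba1\n"
    "Jun 03 10:25:17 dbhost db2hpuf[4195]: unload of DB2PROD.ORDERS completed, 1234 rows\n";

int main(void)
{
    printf("db2hpuf crash indicators in sample log: %d\n",
           count_hpu_crash_lines(SAMPLE_LOG));
    return 0;
}
```

Caveat for tuning: the keyword "terminated" will also fire on routine messages such as a job terminated by an operator, so in production pair this rule with a threshold (several hits from the same host within a short window) or with the session/user field, which also helps link a crash back to the authenticated user who triggered it.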
