CVE-2025-36006
📋 TL;DR
This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exploiting improper resource release after use. It affects Db2 versions 10.5.0-10.5.11, 11.1.0-11.1.4.7, 11.5.0-11.5.9, and 12.1.0-12.1.3 on Linux, UNIX, and Windows systems, including Db2 Connect Server.
💻 Affected Systems
- IBM Db2
- IBM Db2 Connect Server
📦 What is this software?
Db2 by IBM
⚠️ Risk & Real-World Impact
Worst Case
Complete database service disruption affecting all applications dependent on Db2, potentially causing extended downtime and business impact.
Likely Case
Partial or intermittent service degradation affecting specific database operations or connections.
If Mitigated
Minimal impact with proper access controls limiting authenticated user privileges and resource monitoring.
🎯 Exploit Status
Requires authenticated access but exploitation appears straightforward based on vulnerability type (improper resource release).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply fixes as specified in IBM advisory: 10.5 FP11, 11.1.4.7, 11.5.9, 12.1.3 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7250479
Restart Required: Yes
Instructions:
1. Review the IBM advisory for specific fix details.
2. Download the appropriate fix pack from IBM Fix Central.
3. Apply the fix following IBM Db2 installation procedures.
4. Restart Db2 services.
🔧 Temporary Workarounds
Restrict Database User Privileges
Limit authenticated user permissions to the minimum required for their functions to reduce the attack surface.
REVOKE CONNECT, EXECUTE, and other unnecessary privileges from non-essential users
Implement Connection Rate Limiting
Configure database connection limits to prevent resource exhaustion attacks.
UPDATE DATABASE CONFIGURATION USING MAXAPPLS <value>
UPDATE DATABASE MANAGER CONFIGURATION USING NUMDB <value>
🧯 If You Can't Patch
- Implement strict access controls and principle of least privilege for all Db2 users
- Deploy network segmentation and firewall rules to restrict Db2 access to authorized systems only
🔍 How to Verify
Check if Vulnerable:
Check the Db2 version with the db2level command, or with: SELECT SERVICE_LEVEL, BLD_LEVEL FROM SYSIBMADM.ENV_INST_INFO
Check Version:
db2level
Verify Fix Applied:
Verify that the version is at 10.5 FP11, 11.1.4.7, 11.5.9, 12.1.3 or later using the same commands.
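An added example (not from the IBM advisory) that parses the version token from db2level output and compares it against the fixed levels listed above. It assumes db2level's "DB2 vA.B.C.D" token format and treats the page's fix levels as 10.5.0.11, 11.1.4.7, 11.5.9.0 and 12.1.3.0; the sample db2level line is constructed with placeholder build tokens.

```shell
#!/bin/sh
# Fixed levels from the advisory summary, as four-part version tokens (assumption:
# "10.5 FP11" is taken to appear in db2level as DB2 v10.5.0.11).
FIXED_LEVELS="10.5.0.11 11.1.4.7 11.5.9.0 12.1.3.0"

# vercmp A B: print -1, 0 or 1 comparing two dotted versions component by component.
vercmp() {
  a="$1."; b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    a="${a#*.}";   b="${b#*.}"
    ai="${ai:-0}"; bi="${bi:-0}"      # missing trailing components count as 0
    if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
    if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
  done
  echo 0
}

# db2_status VERSION: print "vulnerable", "fixed" or "unknown-train" for a version token.
db2_status() {
  v="$1"
  train="$(echo "$v" | cut -d. -f1,2)"          # e.g. 11.5
  for fixed in $FIXED_LEVELS; do
    [ "$(echo "$fixed" | cut -d. -f1,2)" = "$train" ] || continue
    if [ "$(vercmp "$v" "$fixed")" -lt 0 ]; then echo vulnerable; else echo fixed; fi
    return
  done
  echo unknown-train                              # release train not covered by the advisory
}

# parse_db2level TEXT: extract A.B.C.D from the 'Informational tokens are "DB2 vA.B.C.D"' line.
parse_db2level() {
  printf '%s\n' "$1" | sed -n 's/.*"DB2 v\([0-9.]*\)".*/\1/p'
}

# Constructed sample line in db2level's format (build tokens are placeholders, not real values).
SAMPLE='Informational tokens are "DB2 v11.5.8.0", "sPLACEHOLDER", "DYNPLACEHOLDER", and Fix Pack "0".'
v="$(parse_db2level "$SAMPLE")"
echo "sample: Db2 $v is $(db2_status "$v")"

# On a real instance, feed the actual db2level output through the same functions.
if command -v db2level >/dev/null 2>&1; then
  v="$(parse_db2level "$(db2level)")"
  echo "local: Db2 $v is $(db2_status "$v")"
fi
```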
📡 Detection & Monitoring
Log Indicators:
- Unexpected database crashes or restarts
- Resource exhaustion errors in db2diag.log
- Multiple connection failures from single user
Network Indicators:
- Abnormal spike in database connection attempts
- Repeated authentication attempts followed by service disruption
SIEM Query:
source="db2diag.log" AND ("SQL1224N" OR "SQL1032N" OR "crash" OR "restart")