CVE-2025-36387

6.5 MEDIUM

📋 TL;DR

This vulnerability in IBM Db2 allows authenticated users to cause denial of service by submitting specially crafted queries. It affects Db2 versions 11.5.0 through 11.5.9 on Linux, UNIX, and Windows systems. Database administrators and organizations running affected Db2 instances should prioritize patching.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • DB2 Connect Server
Versions: 11.5.0 - 11.5.9
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations with affected versions are vulnerable if users can submit queries

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database unavailability affecting all dependent applications and services

🟠 Likely Case: Temporary service disruption requiring a database restart

🟢 If Mitigated: Minimal impact with proper query validation and monitoring

🌐 Internet-Facing: MEDIUM - Requires authentication but internet-facing databases are more exposed
🏢 Internal Only: MEDIUM - Authenticated internal users could still cause disruption

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated database access but exploit details are not publicly available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.5.9.0a or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7257690

Restart Required: Yes

Instructions:

1. Download Db2 fix pack 11.5.9.0a or later from IBM Fix Central.
2. Stop all Db2 instances and applications.
3. Apply the fix pack following IBM installation instructions.
4. Restart Db2 instances and verify functionality.

🔧 Temporary Workarounds

Restrict Query Privileges

Applies to: all

Limit query execution privileges to trusted users only (Db2 requires the RESTRICT keyword when revoking EXECUTE on a routine):

REVOKE EXECUTE ON PACKAGE <schema>.<package_name> FROM PUBLIC
REVOKE EXECUTE ON PROCEDURE <procedure_name> FROM PUBLIC RESTRICT

Implement Query Monitoring

Applies to: all

Monitor and alert on unusual query patterns:

db2pd -db <database> -applications
db2 get snapshot for database on <database>

🧯 If You Can't Patch

  • Implement strict access controls to limit authenticated users who can submit queries
  • Deploy network segmentation and monitoring to detect abnormal database traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the installed Db2 version with db2level; the version and fix pack are reported on the "Informational tokens" line (the "Product is installed at" line only shows the install path):

db2level | grep 'Informational tokens'

Any reported version from 11.5.0 through 11.5.9 without the 11.5.9.0a fix is vulnerable.

Verify Fix Applied:

Confirm the reported version is 11.5.9.0a or later:

db2level | grep 'Informational tokens'

📡 Detection & Monitoring

Log Indicators:

  • Database crash logs
  • Abnormal query execution patterns in db2diag.log
  • Connection resets

Network Indicators:

  • Sudden drop in database connections
  • Increased error responses from database

SIEM Query:

source="db2diag.log" AND ("crash" OR "abnormal termination" OR "segmentation fault")
