CVE-2025-36423

6.5 MEDIUM

📋 TL;DR

This vulnerability in IBM Db2 allows a local user to cause a denial of service by exploiting improper neutralization of special elements in data query logic. It affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 12.1.0 through 12.1.3. The attacker must have local access to the system.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: 12.1.0 - 12.1.3
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable. Requires local user access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database service disruption leading to application downtime and business impact

🟠 Likely Case: Temporary database service interruption affecting dependent applications

🟢 If Mitigated: Minimal impact with proper access controls and monitoring

🌐 Internet-Facing: LOW - Requires local user access, not remotely exploitable
🏢 Internal Only: MEDIUM - Local users with database access could disrupt services

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local user access and knowledge of database query logic. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix pack 12.1.4 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7257694

Restart Required: Yes

Instructions:

1. Download the appropriate fix pack from IBM Fix Central.
2. Stop all Db2 services.
3. Apply the fix pack according to IBM documentation.
4. Restart Db2 services.
5. Verify the update was successful.

🔧 Temporary Workarounds

Restrict local user access (all platforms)

Limit the local user accounts that have access to the Db2 instance:

# Review and remove unnecessary local user accounts
# Implement least privilege access controls

Implement query monitoring (all platforms)

Monitor and alert on unusual query patterns:

# Configure Db2 audit policies for query monitoring
# Set up alerts for abnormal query behavior

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to Db2 instances
  • Deploy additional monitoring and alerting for database service disruptions

🔍 How to Verify

Check if Vulnerable:

Check the Db2 version with the db2level command and compare it against the affected range 12.1.0-12.1.3.

Check Version:

db2level | grep "Product name"

Verify Fix Applied:

Confirm with the db2level command that the version is 12.1.4 or later and that the fix pack was applied successfully.
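The version check above, as an added shell example that is not part of this advisory or of IBM's tooling. It assumes db2level prints an "Informational tokens" line containing a token of the form "DB2 v12.1.2.0" (major.minor.mod.fix); the sample output below is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: classify a Db2 install against the affected range
# 12.1.0-12.1.3 using the "DB2 vX.Y.Z.F" token from `db2level` output.
# Assumption: the token format is "DB2 v<major>.<minor>.<mod>.<fix>".

# Read db2level text on stdin and print "major.minor.mod" (first match only).
db2_version() {
  sed -n 's/.*"DB2 v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)\.[0-9][0-9]*".*/\1/p' | head -n 1
}

# Print "affected" (12.1.0-12.1.3), "fixed" (12.1.4+) or "not-in-range"
# (any other release line, which this advisory does not cover).
classify_version() {
  v="$1"
  major=${v%%.*}; rest=${v#*.}
  minor=${rest%%.*}; mod=${rest#*.}
  if [ "$major" -eq 12 ] && [ "$minor" -eq 1 ]; then
    if [ "$mod" -le 3 ]; then echo affected; else echo fixed; fi
  else
    echo not-in-range
  fi
}

# Constructed sample of db2level output; build/token identifiers are placeholders.
SAMPLE='DB21085I  This instance or install (instance name, where applicable: "db2inst1") uses "64" bits and DB2 code release "SQL12010" with level identifier "0A010107".
Informational tokens are "DB2 v12.1.2.0", "s0000000000", "DYN0000000000AMD64", and Fix Pack "2".
Product is installed at "/opt/ibm/db2/V12.1".'

# Classify the constructed sample (expected: affected).
check_sample() {
  classify_version "$(printf '%s\n' "$SAMPLE" | db2_version)"
}

# On a real host, as the instance owner: db2level | db2_version
```

Run the two functions against live output (`classify_version "$(db2level | db2_version)"`) on each instance; anything that reports "affected" needs fix pack 12.1.4 or later.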

📡 Detection & Monitoring

Log Indicators:

  • Database service crashes
  • Abnormal query patterns
  • Connection failures
  • Resource exhaustion events

Network Indicators:

  • Increased failed connection attempts
  • Unusual query traffic patterns

SIEM Query:

source="db2*" AND (event_type="crash" OR event_type="service_stop" OR query="*special*" OR error="*denial*")
