CVE-2025-36424

6.5 MEDIUM

📋 TL;DR

This vulnerability in IBM Db2 allows an authenticated user to cause a denial of service by submitting specially crafted queries that trigger improper neutralization of special elements. It affects Db2 for Linux, UNIX and Windows, including Db2 Connect Server. An attacker could crash the database service and disrupt business operations.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: Specific versions as detailed in IBM advisory (check vendor link for exact ranges)
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated database access; all standard configurations are vulnerable if unpatched.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database service outage affecting all applications dependent on Db2, potentially requiring manual restart and causing extended downtime.

🟠 Likely Case: Partial service disruption affecting specific database connections or queries, with automatic recovery possible but causing intermittent availability issues.

🟢 If Mitigated: Minimal impact with proper query validation and monitoring in place, potentially causing only temporary connection drops.

🌐 Internet-Facing: MEDIUM - While exploitation requires authentication, internet-facing Db2 instances could be targeted by credential stuffing or compromised accounts.
🏢 Internal Only: HIGH - Internal users with database access could intentionally or accidentally trigger the vulnerability, causing significant operational impact.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated database access, but the vulnerability itself is in core query processing logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IBM advisory for specific fixed versions

Vendor Advisory: https://www.ibm.com/support/pages/node/7257695

Restart Required: Yes

Instructions:

1. Review the IBM advisory for affected versions.
2. Download the appropriate fix pack from IBM Fix Central.
3. Apply the fix pack following IBM documentation.
4. Restart Db2 services.
5. Verify that the patch was applied.

🔧 Temporary Workarounds

Restrict Database Privileges (applies to: all)

Limit query execution privileges to only the users and applications that need them:

db2 "REVOKE EXECUTE ON PROCEDURE <procedure_name> FROM <user>"
db2 "REVOKE SELECT, INSERT, UPDATE, DELETE ON <table> FROM <user>"

Implement Query Monitoring (applies to: all)

Monitor and alert on unusual query patterns that could trigger the vulnerability. The second command searches the statement text in the package cache (MON_GET_PKG_CACHE_STMT takes four arguments; EXECUTABLE_ID is a binary identifier, so the pattern match belongs on STMT_TEXT):

db2pd -db <dbname> -dynamic
db2 "SELECT STMT_TEXT, NUM_EXECUTIONS, TOTAL_CPU_TIME FROM TABLE(MON_GET_PKG_CACHE_STMT(NULL, NULL, NULL, -2)) WHERE STMT_TEXT LIKE '%suspicious_pattern%'"

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in all applications accessing Db2
  • Deploy network segmentation and firewall rules to limit Db2 access to only authorized applications and users

🔍 How to Verify

Check if Vulnerable:

Compare the installed Db2 level from the db2level command against the versions listed in the IBM advisory.

Check Version:

db2level | grep "Informational tokens"

(The "Informational tokens" line of db2level output carries the version and fix pack, e.g. "DB2 v11.5.8.0".)

Verify Fix Applied:

Run db2level again after patching; the reported version and fix pack should match a fixed level from the IBM advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected database crashes or restarts in db2diag.log
  • Error messages related to query processing or memory corruption
  • Multiple failed connection attempts followed by service disruption

Network Indicators:

  • Sudden drop in database connections
  • Increased error responses from database port
  • Unusual query patterns from single source

SIEM Query:

source="db2diag.log" AND ("crash" OR "abend" OR "segmentation fault" OR "access violation")
