CVE-2025-36427

6.5 MEDIUM

📋 TL;DR

IBM Db2 databases are vulnerable to denial of service attacks when processing specially crafted queries due to insufficient input validation. This affects Db2 for Linux, UNIX, Windows, and Db2 Connect Server installations. Attackers with database access can crash the Db2 service, disrupting database operations.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: Specific versions not detailed in advisory; check IBM advisory for exact affected versions
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Db2 configurations are vulnerable. The vulnerability exists in the core query processing logic.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database service outage requiring manual restart, potentially causing extended business disruption and data unavailability.

🟠 Likely Case

Temporary service interruption affecting database-dependent applications until Db2 is restarted.

🟢 If Mitigated

Minimal impact with proper access controls and monitoring in place to detect and block malicious queries.

🌐 Internet-Facing: MEDIUM - Internet-facing Db2 instances are at risk if exposed without proper authentication or if attackers gain valid credentials.
🏢 Internal Only: HIGH - Internal users with database access can exploit this vulnerability to disrupt critical business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid database credentials. The vulnerability is in query processing logic, making exploitation straightforward for authenticated users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IBM advisory for specific fixed versions

Vendor Advisory: https://www.ibm.com/support/pages/node/7257696

Restart Required: Yes

Instructions:

1. Review the IBM advisory for affected versions.
2. Apply the appropriate fix pack or interim fix from IBM.
3. Restart Db2 services.
4. Test database functionality.

🔧 Temporary Workarounds

Restrict Database Access

all

Limit database user privileges to only necessary functions and implement strict access controls.

REVOKE EXECUTE ON PROCEDURE sysproc.db2expln FROM PUBLIC;
REVOKE EXECUTE ON PROCEDURE sysproc.explain FROM PUBLIC;

Implement Query Monitoring

all

Monitor and alert on unusual query patterns or repeated failed queries that could indicate exploitation attempts.

db2pd -db <dbname> -dynamic
db2 get snapshot for database on <dbname>

🧯 If You Can't Patch

  • Implement strict principle of least privilege for all database users
  • Deploy network segmentation and firewall rules to restrict Db2 access to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check Db2 version against IBM advisory: db2level

Check Version:

db2level

Verify Fix Applied:

Run db2level again after applying the fix pack and confirm the reported version matches one of IBM's fixed versions.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Db2 service crashes
  • Abnormal query patterns in db2diag.log
  • Repeated failed queries from single source

Network Indicators:

  • Unusual database connection patterns
  • Spike in database error responses

SIEM Query:

source="db2diag.log" AND ("crash" OR "abend" OR "unexpected termination")
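The log indicators and SIEM query above, turned into a small scanner over db2diag.log-style entries. This is an added example, not part of the advisory: the sample entries are constructed, the one-field-per-line layout, the use of AUTHID as the "source", the SQLCODE-in-an-Error-entry definition of a failed query and the threshold of three are all assumptions for illustration.

```python
import re
from collections import Counter

# Crash terms from the SIEM query above; treating LEVEL Error entries with an
# SQLCODE as "failed queries" and the threshold of 3 are assumptions.
CRASH_TERMS = ("crash", "abend", "unexpected termination")
FAILURE_THRESHOLD = 3

# Header: timestamp, record id, LEVEL (layout mimics db2diag.log, one field per line).
HEADER_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}-[\d.]+[+-]\d+)\s+\S+\s+LEVEL:\s*(\w+)")
FIELD_RE = re.compile(r"^(\w+)\s*:\s*(.*)$")

# Constructed sample entries, not real Db2 output.
SAMPLE_LOG = """\
2025-06-01-10.15.02.123456+000 E1234A567 LEVEL: Error
AUTHID  : APPUSER1
MESSAGE : SQLCODE -901 returned while compiling statement
2025-06-01-10.15.03.123456+000 E1234A568 LEVEL: Error
AUTHID  : APPUSER1
MESSAGE : SQLCODE -901 returned while compiling statement
2025-06-01-10.15.04.123456+000 E1234A569 LEVEL: Error
AUTHID  : APPUSER1
MESSAGE : SQLCODE -901 returned while compiling statement
2025-06-01-10.15.05.123456+000 I1234A570 LEVEL: Info
AUTHID  : REPORTS
MESSAGE : Backup completed successfully
2025-06-01-10.15.09.123456+000 E1234A571 LEVEL: Severe
AUTHID  : APPUSER1
MESSAGE : Abend detected in engine process, unexpected termination
"""

def parse_entries(text):
    # Each header line starts a new entry; following KEY : value lines attach to it.
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"timestamp": m.group(1), "level": m.group(2)}
            entries.append(current)
        elif current is not None and (f := FIELD_RE.match(line.strip())):
            current[f.group(1).upper()] = f.group(2).strip()
    return entries

def find_indicators(text):
    # Returns (entries matching the crash terms, sources with repeated failed queries).
    entries = parse_entries(text)
    crashes = [e for e in entries
               if any(t in e.get("MESSAGE", "").lower() for t in CRASH_TERMS)]
    failures = Counter(e.get("AUTHID", "?") for e in entries
                       if e["level"] == "Error" and "SQLCODE" in e.get("MESSAGE", ""))
    noisy = {src: n for src, n in failures.items() if n >= FAILURE_THRESHOLD}
    return crashes, noisy
```

On the sample above this flags the single Severe abend entry and reports APPUSER1 as a source with three repeated failed queries, while the Info entry is ignored.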

🔗 References