CVE-2025-36428

5.3 MEDIUM

📋 TL;DR

This vulnerability in IBM Db2 allows authenticated users to cause a denial of service by exploiting improper input sanitization in the RPSCAN feature's data query logic. It affects Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.3 on Linux, UNIX, and Windows systems. Only systems with the RPSCAN feature enabled are vulnerable.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when the RPSCAN feature is enabled. Default configurations may not have this feature active.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database unavailability affecting all applications and users relying on the Db2 instance, potentially causing business disruption.

🟠

Likely Case

Temporary service degradation or database crashes requiring restart, impacting application performance.

🟢

If Mitigated

Minimal impact if RPSCAN is disabled or proper access controls limit authenticated user privileges.

🌐 Internet-Facing: MEDIUM - Internet-facing Db2 instances could be targeted if authentication is breached, but exploitation requires authenticated access.
🏢 Internal Only: MEDIUM - Internal users with database credentials could intentionally or accidentally trigger the DoS condition.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated database access and knowledge of RPSCAN query patterns. No public exploit code is available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes from IBM: 11.5.9.1 or later for 11.5.x, 12.1.3.1 or later for 12.1.x

Vendor Advisory: https://www.ibm.com/support/pages/node/7257697

Restart Required: Yes

Instructions:

1. Review the IBM advisory for specific fix details.
2. Apply the appropriate fix pack for your Db2 version.
3. Restart Db2 services to apply the changes.
4. Verify the fix is applied correctly.

🔧 Temporary Workarounds

Disable RPSCAN feature

Applies to: all

Temporarily disable the RPSCAN feature if it is not required for operations:

db2 update dbm cfg using RPSCAN OFF
db2stop
db2start

🧯 If You Can't Patch

  • Restrict database user privileges to minimize authenticated users who could exploit this vulnerability
  • Implement network segmentation and firewall rules to limit access to Db2 instances

🔍 How to Verify

Check if Vulnerable:

Check the Db2 version with the db2level command and verify whether RPSCAN is enabled in the database manager configuration (dbm cfg).

Check Version:

db2level | grep -i 'informational tokens'

Verify Fix Applied:

Confirm the fix pack level reported by db2level and re-check the RPSCAN setting after the patch has been applied.
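The version check above can be scripted against the affected ranges this page lists (11.5.0 through 11.5.9, fixed at 11.5.9.1; 12.1.0 through 12.1.3, fixed at 12.1.3.1). The following is an added example, not code from the advisory or from IBM. It assumes db2level prints its version in a line of the form Informational tokens are "DB2 v11.5.8.0", ...; that line format is an assumption to confirm against your own db2level output, and the db2level output in the block is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the advisory or from IBM): classify a Db2 level
# against the affected ranges listed on this page.
# Assumption: db2level prints a line such as
#   Informational tokens are "DB2 v11.5.8.0", "s2209201700", ...
# Confirm this against your own db2level output before relying on it.

# Extract the dotted version (e.g. 11.5.8.0) from db2level output on stdin.
db2_version_from_level() {
  sed -n 's/.*"DB2 v\([0-9][0-9.]*\)".*/\1/p' | head -n 1
}

# Print "affected" (exit 0) when VERSION is in 11.5.0-11.5.9 below 11.5.9.1
# or in 12.1.0-12.1.3 below 12.1.3.1; otherwise print "not-affected" (exit 1).
# A missing modification or fix pack digit is treated as 0.
db2_affected() {
  v="$1"
  major=$(printf '%s' "$v" | cut -d. -f1)
  minor=$(printf '%s' "$v" | cut -d. -f2)
  mod=$(printf '%s' "$v" | cut -d. -f3)
  fp=$(printf '%s' "$v" | cut -d. -f4)
  : "${mod:=0}"
  : "${fp:=0}"
  case "$major.$minor" in
    11.5)
      # 11.5.0 .. 11.5.9 affected; fixed from 11.5.9.1 onwards
      if [ "$mod" -lt 9 ] || { [ "$mod" -eq 9 ] && [ "$fp" -lt 1 ]; }; then
        echo affected
        return 0
      fi ;;
    12.1)
      # 12.1.0 .. 12.1.3 affected; fixed from 12.1.3.1 onwards
      if [ "$mod" -lt 3 ] || { [ "$mod" -eq 3 ] && [ "$fp" -lt 1 ]; }; then
        echo affected
        return 0
      fi ;;
  esac
  echo not-affected
  return 1
}

# Constructed sample of a db2level "Informational tokens" line (not real output
# from any system); on a live instance pipe db2level into db2_version_from_level.
SAMPLE_LEVEL='Informational tokens are "DB2 v11.5.8.0", "s2209201700", "DYN2209201700AMD64", and Fix Pack "0".'

ver=$(printf '%s\n' "$SAMPLE_LEVEL" | db2_version_from_level)
printf 'Db2 level %s: %s\n' "$ver" "$(db2_affected "$ver")"
```

On a live instance replace the constructed sample with db2level | db2_version_from_level, and pair the result with a look at the RPSCAN setting (for example db2 get dbm cfg | grep -i rpscan, using the parameter name as given in the workaround above): an instance is only exposed when it is both at an affected level and has RPSCAN enabled.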

📡 Detection & Monitoring

Log Indicators:

  • Database crash logs
  • RPSCAN-related error messages in db2diag.log
  • Unexpected service restarts

Network Indicators:

  • Unusual database query patterns from authenticated users
  • Increased failed connection attempts

SIEM Query:

source="db2" AND (error OR crash OR "denial of service")
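The log indicators above (RPSCAN-related messages and crash or restart activity in db2diag.log) can be summarised with a small script before they are forwarded to a SIEM. The following is an added example, not code from the advisory or from IBM. It assumes the db2diag.log entry header format 2025-06-01-10.15.22.123456-240 I1A2   LEVEL: Severe (timestamp, record id, level); that format is an assumption to check against your own log, and the log written to the temporary file is a constructed sample, not a capture from any system.

```shell
#!/bin/sh
# Added example (not from the advisory or from IBM): summarise a db2diag.log
# for the indicators on this page: Severe-level entries per hour (a burst
# suggests crashes or restarts) and any mention of RPSCAN.
# Assumption: entry headers look like
#   2025-06-01-10.15.22.123456-240 I1A2   LEVEL: Severe
# Adapt the patterns if your db2diag.log differs.

# Print one "severe <YYYY-MM-DD-HH> <count>" line per hour with Severe entries
# and a final "rpscan <count>" line, sorted for stable output.
# Usage: db2diag_summary <logfile>
db2diag_summary() {
  awk '
    # Header lines begin with the timestamp; bucket Severe entries by hour.
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]\./ && /LEVEL: Severe/ {
      hour = substr($1, 1, 13)   # YYYY-MM-DD-HH
      severe[hour]++
    }
    /RPSCAN/ { rpscan++ }
    END {
      for (h in severe) printf "severe %s %d\n", h, severe[h]
      printf "rpscan %d\n", rpscan + 0
    }' "$1" | sort
}

# Exit 0 (alert) when some hour has at least THRESHOLD Severe entries and the
# log mentions RPSCAN at all; exit 1 otherwise.
# Usage: db2diag_alert <logfile> [threshold, default 3]
db2diag_alert() {
  db2diag_summary "$1" | awk -v t="${2:-3}" '
    $1 == "severe" && $3 >= t { burst = 1 }
    $1 == "rpscan" && $2 > 0  { rp = 1 }
    END { exit !(burst && rp) }'
}

# Constructed sample log (not real Db2 output): two Severe entries in hour 10,
# one in hour 11, one RPSCAN mention.
SAMPLE_FILE=$(mktemp)
cat > "$SAMPLE_FILE" <<'EOF'
2025-06-01-10.15.22.123456-240 I1A2   LEVEL: Severe
PID     : 1234   TID : 5678   PROC : db2sysc 0
MESSAGE : constructed sample: RPSCAN query handler reported an error
2025-06-01-10.40.01.000000-240 I3A4   LEVEL: Severe
MESSAGE : constructed sample: engine process terminated
2025-06-01-11.02.10.000000-240 I5A6   LEVEL: Severe
MESSAGE : constructed sample
2025-06-01-11.30.00.000000-240 I7A8   LEVEL: Info
MESSAGE : constructed sample: routine entry
EOF

db2diag_summary "$SAMPLE_FILE"
if db2diag_alert "$SAMPLE_FILE" 2; then
  echo "ALERT: Severe burst with RPSCAN activity"
else
  echo "no alert"
fi
```

Point db2diag_summary at the instance's real db2diag.log (under the instance's diagpath) and tune the threshold to the normal Severe rate of that instance; the per-hour counts are also a convenient thing to ship to the SIEM alongside the broader query given above.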
