CVE-2025-36442

6.5 MEDIUM

📋 TL;DR

IBM Db2 databases running vulnerable versions can crash when processing specially crafted XML queries, causing denial of service. This affects Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 on Linux, UNIX, and Windows systems, including Db2 Connect Server installations.

💻 Affected Systems

Products:
  • IBM Db2 for Linux, UNIX and Windows
  • IBM Db2 Connect Server
Versions: 11.5.0 through 11.5.9, 12.1.0 through 12.1.3
Operating Systems: Linux, UNIX, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations with XML column support are vulnerable when processing malicious queries.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database unavailability requiring restart, potentially disrupting critical business operations and causing data access outages.

🟠 Likely Case

Intermittent database crashes affecting application availability, requiring manual intervention to restart Db2 services.

🟢 If Mitigated

Minimal impact with proper network segmentation and query validation preventing malicious queries from reaching the database.

🌐 Internet-Facing: MEDIUM - Internet-facing Db2 instances could be targeted by automated scanning and exploitation attempts, but require specific XML query knowledge.
🏢 Internal Only: MEDIUM - Internal attackers or compromised applications could exploit this, but still requires database access and XML query crafting capability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires database access and ability to execute XML queries. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes from IBM: 11.5.9.0a or later for 11.5.x, 12.1.3.0a or later for 12.1.x

Vendor Advisory: https://www.ibm.com/support/pages/node/7257698

Restart Required: Yes

Instructions:

1. Download the appropriate fix from IBM Fix Central.
2. Apply the fix using the Db2 update installer.
3. Restart all Db2 instances and dependent applications.
4. Verify the fix with a version check.

🔧 Temporary Workarounds

Restrict XML Query Access

Applies to: all

Implement database access controls to limit XML query execution to trusted users only. Note that XMLPARSE and XMLVALIDATE are built-in SQL functions rather than SYSPROC procedures, so confirm the object names below against SYSCAT.ROUTINES before relying on these statements.

db2 "REVOKE EXECUTE ON PROCEDURE SYSPROC.XMLVALIDATE FROM PUBLIC"
db2 "REVOKE EXECUTE ON PROCEDURE SYSPROC.XMLPARSE FROM PUBLIC"

Network Segmentation

Applies to: all

Isolate Db2 servers behind firewalls and restrict access to trusted application servers only.

🧯 If You Can't Patch

  • Implement strict input validation on all applications that submit XML queries to Db2
  • Deploy network-based intrusion prevention systems to detect and block malicious XML payloads

🔍 How to Verify

Check if Vulnerable:

Run db2level and check the reported version: output showing 11.5.0 through 11.5.9 or 12.1.0 through 12.1.3 indicates an affected release.

Check Version:

db2level | grep -E "Informational tokens|Product is installed"

Verify Fix Applied:

Verify version is 11.5.9.0a or higher for 11.5.x, or 12.1.3.0a or higher for 12.1.x
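The version check above, carried through as a small classifier. This is an added example, not IBM tooling or part of the advisory: it parses the "DB2 vMAJOR.MINOR.MOD.FIXPACK" token that db2level prints on its "Informational tokens" line and compares it against the affected ranges given on this page. The sample db2level output is constructed (build tokens are placeholders). Since 11.5.9.0a and 12.1.3.0a are special builds, the script assumes their base version token still reads 11.5.9.0 / 12.1.3.0 and reports such a match as "review_required" rather than deciding either way.

```python
"""Classify a Db2 install against CVE-2025-36442 from captured `db2level` output.

Added example, not IBM tooling. It relies on db2level printing the version as
"DB2 vMAJOR.MINOR.MOD.FIXPACK" on its "Informational tokens" line. The affected
ranges come from the advisory (11.5.0-11.5.9, 12.1.0-12.1.3). The fixed builds it
names, 11.5.9.0a and 12.1.3.0a, are special builds; this script assumes their base
version token still reads 11.5.9.0 / 12.1.3.0, so such a match is reported as
"review_required" and must be confirmed against the build token IBM lists for the fix.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# (major, minor) -> inclusive range of affected modification levels, per the advisory.
AFFECTED_MOD_LEVELS = {
    (11, 5): (0, 9),
    (12, 1): (0, 3),
}
# Base version tokens of the fixed special builds named in the advisory.
FIX_BASE_VERSIONS = {(11, 5, 9, 0), (12, 1, 3, 0)}

VERSION_TOKEN_RE = re.compile(r'"DB2 v(\d+)\.(\d+)\.(\d+)\.(\d+)"')


def parse_db2level(output: str) -> Optional[Version]:
    """Return (major, minor, mod, fixpack) from db2level output, or None if not found."""
    m = VERSION_TOKEN_RE.search(output)
    if m is None:
        return None
    major, minor, mod, fixpack = (int(g) for g in m.groups())
    return (major, minor, mod, fixpack)


def classify(version: Version) -> str:
    """Map a version to one of: vulnerable, review_required, not_affected."""
    major, minor, mod, _fixpack = version
    mod_range = AFFECTED_MOD_LEVELS.get((major, minor))
    if mod_range is None:
        return "not_affected"  # release line not listed in the advisory
    low, high = mod_range
    if not low <= mod <= high:
        return "not_affected"
    if version in FIX_BASE_VERSIONS:
        # Base version of a fixed special build: may or may not carry the 'a' fix
        # (assumption, see module docstring), so ask the operator to confirm.
        return "review_required"
    return "vulnerable"


def assess(output: str) -> str:
    """Parse and classify in one step; 'unknown' when no version token is present."""
    version = parse_db2level(output)
    return "unknown" if version is None else classify(version)


# Constructed sample of db2level output (build tokens are placeholders, not real IBM builds).
SAMPLE_DB2LEVEL = """\
DB21085I  This instance or install (instance name, where applicable: "db2inst1") uses "64" bits and DB2 code release "SQL11058" with level identifier "0000000000".
Informational tokens are "DB2 v11.5.8.0", "s0000000000", "DYN0000000000AMD64", and Fix Pack "0".
Product is installed at "/opt/ibm/db2/V11.5".
"""

if __name__ == "__main__":
    print(assess(SAMPLE_DB2LEVEL))  # vulnerable
```

In practice feed it the real output (`db2level | python3 check.py` with a small stdin read) from each instance owner's environment; anything classified "review_required" should be confirmed against the fix's build identifier in the IBM advisory rather than the version token alone.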

📡 Detection & Monitoring

Log Indicators:

  • Db2 instance crashes in db2diag.log
  • Unexpected termination of db2sysc process
  • Error messages related to XML parsing failures

Network Indicators:

  • Unusual XML query patterns to Db2 ports
  • Multiple connection attempts followed by service unavailability

SIEM Query:

source="db2diag.log" AND ("crash" OR "terminated" OR "XML parsing error")
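The log indicators and SIEM query above, applied offline to db2diag.log text. This is an added example, not IBM's or the advisory's code: it splits db2diag.log into records (a timestamp header line carrying LEVEL, then KEY : value lines, blank line between records, which is the general db2diag.log shape), then flags records whose MESSAGE contains the page's keywords ("crash", "terminated", "XML parsing error") or whose level is Severe/Critical inside the db2sysc process. The three sample records are constructed.

```python
"""Scan db2diag.log text for the crash / XML-parse indicators listed in this advisory.

Added example, not IBM code. Record layout assumed: a header line beginning with a
db2diag timestamp and containing "LEVEL: <level>", followed by "KEY : value" lines
(several keys may share one line), with MESSAGE continuation lines indented and a
blank line between records. The sample log below is constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Header: 2025-06-01-10.15.32.123456+000 I1234E567   LEVEL: Severe
HEADER_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}-\d{2}\.\d{2}\.\d{2}\.\d+[+-]\d{3}).*?LEVEL:\s*(\w+)"
)
# "KEY : value" pairs; a value ends at two or more spaces followed by the next KEY, or at end of line.
FIELD_RE = re.compile(r"(\b[A-Z]+)\s*:\s*(.*?)(?=\s{2,}\b[A-Z]+\s*:|$)")

# Keyword indicators mirror the page's SIEM query.
INDICATOR_TERMS = ("crash", "terminated", "xml parsing error")
SEVERE_LEVELS = {"severe", "critical"}


@dataclass
class DiagRecord:
    timestamp: str
    level: str
    fields: Dict[str, str] = field(default_factory=dict)
    message: str = ""


def parse_db2diag(text: str) -> List[DiagRecord]:
    """Split db2diag.log text into records; lines that are not records are skipped."""
    records: List[DiagRecord] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER_RE.match(lines[0])
        if m is None:
            continue
        rec = DiagRecord(timestamp=m.group(1), level=m.group(2))
        message_lines: List[str] = []
        for line in lines[1:]:
            if line.startswith("MESSAGE"):
                message_lines.append(line.split(":", 1)[1].strip())
            elif line.startswith(" ") and message_lines:
                message_lines.append(line.strip())  # indented MESSAGE continuation
            else:
                for key, value in FIELD_RE.findall(line):
                    rec.fields[key] = value.strip()
        rec.message = " ".join(message_lines)
        records.append(rec)
    return records


def indicators(rec: DiagRecord) -> List[str]:
    """Return the indicator tags a record triggers (empty list means benign)."""
    hits = [f"keyword:{term}" for term in INDICATOR_TERMS if term in rec.message.lower()]
    if rec.level.lower() in SEVERE_LEVELS and rec.fields.get("PROC", "").startswith("db2sysc"):
        hits.append("severe-in-db2sysc")  # engine-process severity, the "db2sysc terminated" indicator
    return hits


def scan(text: str) -> List[Tuple[str, List[str]]]:
    """Return (timestamp, indicator tags) for every record that triggers at least one indicator."""
    flagged = []
    for rec in parse_db2diag(text):
        hits = indicators(rec)
        if hits:
            flagged.append((rec.timestamp, hits))
    return flagged


# Constructed sample: one benign record, one XML parse failure, one engine crash.
SAMPLE_LOG = """\
2025-06-01-10.15.30.000001+000 I1000E400          LEVEL: Info
PID     : 12345                TID : 140000000001  PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000          DB   : SAMPLE
FUNCTION: DB2 UDB, base sys utilities, sqleStartDatabase, probe:10
MESSAGE : Database SAMPLE activated.

2025-06-01-10.16.02.000002+000 I1400E600          LEVEL: Severe
PID     : 12345                TID : 140000000002  PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000          DB   : SAMPLE
APPHDL  : 0-77                 APPID: *LOCAL.db2inst1.250601101601
FUNCTION: DB2 UDB, XML storage, xmlParseDocument, probe:200
MESSAGE : XML parsing error while processing query document;
          agent will be terminated.

2025-06-01-10.16.03.000003+000 I2000E300          LEVEL: Critical
PID     : 12345                TID : 140000000003  PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000          DB   : SAMPLE
FUNCTION: DB2 UDB, base sys utilities, sqleProcessCrash, probe:5
MESSAGE : db2sysc process terminated unexpectedly (crash recovery pending).
"""

if __name__ == "__main__":
    for timestamp, hits in scan(SAMPLE_LOG):
        print(timestamp, ", ".join(hits))
```

Correlating a flagged XML-parse record with a Severe/Critical db2sysc record seconds later is the pattern worth alerting on; a lone keyword hit from an application error is common noise, which is why the tags are returned separately instead of collapsed into one boolean.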
