CVE-2025-1000

Published: May 5, 2025Modified: Nov 3, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.

Affected (6)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ibm Db2	From 11.5 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.1
Ibm Db2	From 11.5 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.1
Ibm Db2	From 11.5 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.1

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://www.ibm.com/support/pages/node/7232528

Source: psirt@us.ibm.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250516-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.