CVE-2025-33012

Published: Nov 7, 2025Modified: Nov 19, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

Affected (4)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Db2	From 10.5.0.0 to 10.5.0.11
Ibm Db2	From 11.1.0 to 11.1.4.7
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3

Related CWEs

CWE-324

Use of a Key Past its Expiration Date

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

References (1)

https://www.ibm.com/support/pages/node/7250469

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.