CVE-2025-36006

Published: Nov 7, 2025Modified: Nov 19, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: psirt@us.ibm.com (Secondary)

Description

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.

Affected (12)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Ibm Db2	From 10.5.0.0 to 10.5.0.11
Ibm Db2	From 11.1.0 to 11.1.4.7
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3
Ibm Db2	From 10.5.0.0 to 10.5.0.11
Ibm Db2	From 11.1.0 to 11.1.4.7
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3
Ibm Db2	From 10.5.0.0 to 10.5.0.11
Ibm Db2	From 11.1.0 to 11.1.4.7
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3

Related CWEs

CWE-404

Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

References (1)

https://www.ibm.com/support/pages/node/7250479

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.