CVE-2025-36186

Published: Nov 7, 2025Modified: Nov 18, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

Affected (3)

Products: Ibm: Db2

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Db2	From 12.1.0 to 12.1.3
Ibm Db2	From 12.1.0 to 12.1.3
Ibm Db2	From 12.1.0 to 12.1.3

Related CWEs

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (1)

https://www.ibm.com/support/pages/node/7250486

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.