CVE-2025-36365

Published: Jan 30, 2026Modified: Feb 5, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.

Affected (6)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://www.ibm.com/support/pages/node/7257665

Source: psirt@us.ibm.com

PatchVendor Advisory

Timeline

No history available yet.