CVE-2025-36006

MEDIUM

IBM Db2 < 10.5.0.11 - Improper Resource Release

Title source: rule

Description

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7250479

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 12.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (1)

ibm/db2 10.5.0.0 - 10.5.0.11 (3 CPE variants)

Published Nov 07, 2025

Tracked Since Feb 18, 2026