CVE-2025-36425

MEDIUM

IBM Db2 11.5.0-11.5.9/12.1.0-12.1.3 - Info Disclosure

Title source: llm

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.

References (1)

[Various Sources] https://www.ibm.com/support/pages/node/7259962

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 11.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-256

Status published

Products (1)

ibm/db2 11.5.0 - 11.5.9 (3 CPE variants)

Published Feb 17, 2026

Tracked Since Feb 18, 2026