IBM Db2 Privilege Escalation_CVE-2025-36365

6.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.

Basic Information

ID CVE-2025-36365

Source ibm

Published Jan 30, 2026 at 21:27

Modified Jan 30, 2026 at 21:40

Affected Product

Vendor IBM

Product Db2 for Linux, UNIX and Windows

Version 11.5.0

Affected Versions IBM Db2 for Linux, UNIX and Windows 11.5.0
IBM Db2 for Linux, UNIX and Windows 12.1.0

CWE Classification

CWE-639

References

www.ibm.com /support/pages/node/7257665

{
    "lastseen": "",
    "description": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.",
    "published": "2026-01-30T21:27:54.160Z",
    "modified": "2026-01-30T21:40:05.499Z",
    "type": "cve",
    "title": "IBM Db2 Privilege Escalation",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7257665",
    "id": "CVE-2025-36365",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "IBM Db2 for Linux, UNIX and Windows 11.5.0\nIBM Db2 for Linux, UNIX and Windows 12.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Db2 for Linux, UNIX and Windows",
    "version": "11.5.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}