IBM® Db2® is vulnerable to credential exposure in db2diag when...

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

Basic Information

ID CVE-2025-13755

Source ibm

Published May 26, 2026 at 15:46

Affected Product

Vendor IBM

Product Db2

Version 11.5.0

Affected Versions IBM Db2 11.5.0
IBM Db2 12.1.0

CWE Classification

CWE-532

References

www.ibm.com /support/pages/node/7273554

{
    "lastseen": "",
    "description": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.",
    "published": "2026-05-26T15:46:55.171Z",
    "modified": "2026-05-26T15:46:55.171Z",
    "type": "cve",
    "title": "IBM\u00ae Db2\u00ae is vulnerable to credential exposure in db2diag when executing specific testcase buckets",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7273554",
    "id": "CVE-2025-13755",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "IBM Db2 11.5.0\nIBM Db2 12.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Db2",
    "version": "11.5.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets_CVE-2025-13755