Analysis Summary

CVE-2024-47118 CVSS:6.5

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVE-2025-2534 CVSS:5.3

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVE-2025-33012 CVSS:6.3

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

CVE-2025-36186 CVSS:7.4

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

CVE-2025-36185 CVSS:6.2

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Impact

• Denial of Service
• Gain Access
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2024-47118

• CVE-2025-2534

• CVE-2025-33012

• CVE-2025-36186

• CVE-2025-36185

Affected Vendors

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-47118

CVE-2025-2534

CVE-2025-33012

CVE-2025-36186

CVE-2025-36185