Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows
CVE-2025-1000

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Db2 For Linux, Unix And Windows
Vendor: CVE Published:; 5 May 2025

What is CVE-2025-1000?

A significant vulnerability exists in IBM Db2 for Linux, UNIX and Windows where authenticated users could exploit improper handling during automatic client rerouting. This flaw can lead to a denial of service when individuals attempt to connect to a z/OS database, impacting the overall performance and availability of the database system. Organizations using affected versions are urged to review security advisories and apply necessary mitigations.

Affected Version(s)

Db2 for Linux, UNIX and Windows 11.5.0 <= 11.5.9

Db2 for Linux, UNIX and Windows 12.1.0 <= 12.1.1

References

https://www.ibm.com/support/pages/node/7232528

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2025
Vulnerability Reserved
Feb 3, 2025