Sensitive Information Exposure in IBM Db2 for Linux, UNIX, and Windows
CVE-2025-13755

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Db2
Vendor: CVE Published:; 26 May 2026

What is CVE-2025-13755?

IBM Db2 versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 for Linux, UNIX, and Windows contain a flaw that allows local users to read potentially sensitive information stored in log files. This exposure can lead to unauthorized access to confidential data, posing significant risks to data security and privacy.

Affected Version(s)

Db2 11.5.0 <= 11.5.9

Db2 12.1.0 <= 12.1.4

References

https://www.ibm.com/support/pages/node/7273554

vendor-advisorypatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
Nov 26, 2025

CVE-2025-13755 Data

JSON