Denial of Service Vulnerability in IBM Db2 for Linux, UNIX, and Windows
CVE-2025-2534

5.3 MEDIUM

Key Information:

Vendor: IBM

Status
Vendor
CVE Published: 7 November 2025

What is CVE-2025-2534?

IBM Db2 for Linux, UNIX, and Windows versions 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 are susceptible to a denial of service attack. The database server can crash when it processes a specially crafted query, which compromises availability and disrupts services. It is critical for users to assess the potential impact on their systems and apply the appropriate patches to mitigate this risk. Further details and guidance are available in the vendor advisory.

Affected Version(s)

Db2 11.1.0 <= 11.1.4.7

Db2 11.5.0 <= 11.5.9

Db2 12.1.0 <= 12.1.3

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
