Improper Token Validation in IBM Db2 on Cloud Pak for Data Products
CVE-2025-2669

6MEDIUM

Key Information:

Vendor: IBM
Status: Db2 On Cloud Pak For Data And Db2 Warehouse On Cloud Pak For Data
Vendor: CVE Published:; 22 June 2026

What is CVE-2025-2669?

IBM Db2 on Cloud Pak for Data products have a vulnerability that allows a privileged user to bypass authorization mechanisms due to improper token validation. This flaw could lead to unauthorized operations and the exposure of sensitive information, posing significant risks to data integrity and confidentiality.

Affected Version(s)

Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 4.8.0

Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 5.0.0 <= 5.3.0

References

https://www.ibm.com/support/pages/node/7277112

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Mar 22, 2025

CVE-2025-2669 Data

JSON