Session ID Handling Issue in IBM Db2 Mirror for i by IBM
CVE-2025-36117

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Db2 Mirror For I
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-36117?

IBM Db2 Mirror for i versions 7.4, 7.5, and 7.6 contain a vulnerability whereby session IDs are not invalidated after use. This oversight can potentially enable an authenticated user to impersonate another valid user within the system, leading to unauthorized access and actions. Users are encouraged to review their security practices and apply necessary patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Db2 Mirror for i 7.4, 7.5, 7.6

References

https://www.ibm.com/support/pages/node/7240351

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Apr 15, 2025