Information Disclosure Vulnerability in IBM Db2 Database Products
CVE-2025-36372

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Db2
Vendor: CVE Published:; 30 June 2026

What is CVE-2025-36372?

IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 for Linux, UNIX, and Windows, including Db2 Connect Server, have a vulnerability that allows an authenticated user to access sensitive information from monitoring and event tables. This exposure could lead to unauthorized data analysis and exploitation if not addressed promptly.

Affected Version(s)

Db2 11.5.0 <= 11.5.9

Db2 12.1.0 <= 12.1.4

References

https://www.ibm.com/support/pages/node/7277417

vendor-advisorypatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Apr 15, 2025

CVE-2025-36372 Data

JSON