CVE-2025-36006 — Improper Resource Shutdown or Release in IBM DB2

CWE-404 — Improper Resource Shutdown or Release3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 90.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedNov 7

Description

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/db210.5.0 — 10.5.11+3

▶NVDibm/db210.5.0.0 — 10.5.0.11+3

🔴Vulnerability Details

CVEList

IBM Db2 denial of service↗2025-11-07

▶

GHSA

GHSA-cwqg-7p33-9wgx: IBM Db2 10↗2025-11-07

▶