CVE-2025-36123

CWE-770 — Allocation without Limits6 documents6 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 99.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2

Timeline

PublishedJan 30

Latest updateJan 31

Description

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/db211.5.0 — 11.5.9+1

Patches

Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-ww69-px64-3pgv: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11↗2026-01-31

▶

CVEList

IBM Db2 Denial of Service↗2026-01-30

▶

OSV

CVE-2025-36123: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11↗2026-01-30

▶

📋Vendor Advisories

Microsoft

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.↗2022-07-12

▶

🕵️Threat Intelligence

Wiz

CVE-2025-36123 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶