CVE-2025-1000

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 12.1.0 through 12.1.1

Description The issue allows an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.

Recommendations For versions 11.5.0 through 11.5.9, update to a version outside of this range to resolve the issue. For versions 12.1.0 through 12.1.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to z/OS databases to minimize the risk of exploitation.