PT-2026-5452 · Ibm · Db2 For Linux+1

Published

2026-01-30

Updated

2026-01-31

CVE-2025-36365

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 12.1.0 through 12.1.3

Description An authenticated user may be able to execute unauthorized commands due to an authorization bypass. This occurs when using a user-controlled key with a specific configuration of cataloged remote storage aliases.

Recommendations IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 11.5.0 through 11.5.9 should be updated. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 12.1.0 through 12.1.3 should be updated.

Fix

LPE

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-36365

Affected Products

Db2 Connect Server

Db2 For Linux

PT-2026-5452 · Ibm · Db2 For Linux+1

CVE-2025-36365

Weakness Enumeration

Related Identifiers

Affected Products

References · 9