IBM DB2 Merge Backup 12.1.0.0 Buffer Over-read Leak (CVE-2025-13108)
CVE-2025-13108 Published on February 17, 2026
Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
Vulnerability Analysis
CVE-2025-13108 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Sensitive Information in Resource Not Removed Before Reuse
When a device releases a resource such as memory or a file for reuse by other entities, information contained in the resource is not fully cleared prior to reuse of the resource.
Products Associated with CVE-2025-13108
stack.watch emails you whenever new vulnerabilities are published in IBM Db2 Merge Backup Linux Unix Windows or IBM Db2. Just hit a watch button to start following.
Affected Versions
IBM DB2 Merge Backup for Linux, UNIX and Windows:- Version 12.1.0.0, <= 2.1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.