IBM Db2 for Linux DoS via crafted query (12.1.0-12.1.2)
CVE-2025-33114 Published on July 29, 2025
IBM Db2 for Linux denial of service
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2
is vulnerable to denial of service with a specially crafted query under certain non-default conditions.
Vulnerability Analysis
CVE-2025-33114 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Neutralization of Special Elements in Data Query Logic
The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
Products Associated with CVE-2025-33114
Want to know whenever a new CVE is published for IBM Db2? stack.watch will email you.
Affected Versions
IBM Db2:- Version 12.1.0 is affected.
- Version 12.1.1 is affected.
- Version 12.1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.