IBM Db2 12.1.0-12.1.2 Local User DDOS via Improper Query Logic
CVE-2025-36185 Published on November 7, 2025
IBM Db2 denial of service
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
Vulnerability Analysis
CVE-2025-36185 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Neutralization of Special Elements in Data Query Logic
The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
Products Associated with CVE-2025-36185
Want to know whenever a new CVE is published for IBM Db2? stack.watch will email you.
Affected Versions
IBM Db2:- Version 12.1.0, <= 12.1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.