IBM Db2 11.5.x/12.1.x Sensitive Info Leakage via Monitoring Tables
CVE-2025-36372 Published on June 30, 2026

IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-36372 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.


Products Associated with CVE-2025-36372

Want to know whenever a new CVE is published for IBM Db2? stack.watch will email you.

 

Affected Versions

IBM Db2: