IBM Db2 11.5.x/12.1.x Sensitive Info Leakage via Monitoring Tables
CVE-2025-36372 Published on June 30, 2026
IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables.
Vulnerability Analysis
CVE-2025-36372 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Products Associated with CVE-2025-36372
Want to know whenever a new CVE is published for IBM Db2? stack.watch will email you.
Affected Versions
IBM Db2:- Version 11.5.0, <= 11.5.9 is affected.
- Version 12.1.0, <= 12.1.4 is affected.