CVE-2025-1992

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1992
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7232515 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*
cpe:2.3:a:ibm:db2:12.1.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:db2:12.1.1:*:*:*:-:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*
History

20 Aug 2025, 02:23

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*
cpe:2.3:a:ibm:db2:12.1.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:db2:12.1.1:*:*:*:-:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*
References () https://www.ibm.com/support/pages/node/7232515 - () https://www.ibm.com/support/pages/node/7232515 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
First Time Opengroup unix
Linux
Microsoft windows
Ibm db2
Linux linux Kernel
Microsoft
Ibm
Opengroup

03 Jul 2025, 16:15

Type Values Removed Values Added
CWE CWE-401
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : unknown
Summary IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user, under non default configurations, to cause a denial of service due to insufficient release of allocated memory after usage. IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.

05 May 2025, 17:18

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-05 17:18

Updated : 2025-08-20 02:23

NVD link : CVE-2025-1992

Mitre link : CVE-2025-1992

JSON object : View

Products Affected

linux

  • linux_kernel

ibm

  • db2

opengroup

  • unix

microsoft

  • windows
CWE

No CWE.