Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
IBM DB2 Recovery Expert for LUW 5.5: Untrusted Web Requests Can Harm System
CVE-2025-27904
Summary
IBM DB2 Recovery Expert for Linux, UNIX, and Windows may allow an attacker to trick a trusted user into performing malicious actions on the system. This could lead to unauthorized changes or data breaches. IBM recommends applying the latest fixes to protect against this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | db2_recovery_expert | 5.5.0 | – |
| ibm | db2_recovery_expert | 5.5.0 | – |
| ibm | db2_recovery_expert | 5.5.0 | – |
Original title
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute maliciou...
Original description
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
nvd CVSS3.1
6.5
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
- https://www.ibm.com/support/pages/node/7259901 Vendor Advisory Patch
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026