Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
IBM Db2: HADR Configuration Gives Away Sensitive Info
CVE-2025-36425
Summary
IBM Db2 users may be at risk if their High Availability Disaster Recovery (HADR) setup is not properly configured. An attacker with a valid login could potentially access sensitive information if they know how to exploit this weakness. Update to a fixed version to protect your database.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | db2 | > 11.5.0 , <= 11.5.9 | – |
| ibm | db2 | > 11.5.0 , <= 11.5.9 | – |
| ibm | db2 | > 11.5.0 , <= 11.5.9 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
Original title
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HA...
Original description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.
nvd CVSS3.1
6.5
Vulnerability type
CWE-256
- https://www.ibm.com/support/pages/node/7259962 Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026