Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
IBM Db2: Authenticated User Can Crash Server
CVE-2025-14689
Summary
IBM's Db2 database software has a security issue that could crash the server if an attacker sends a specific query. This could make the database unavailable to users. It's recommended to upgrade to a fixed version of Db2.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
Original title
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elem...
Original description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.
nvd CVSS3.1
6.5
Vulnerability type
CWE-1284
- https://www.ibm.com/support/pages/node/7259964 Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026