IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 allows attackers to trick users into visiting fake websites
CVE-2025-27900
Summary
A flaw in IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow attackers to trick users into visiting fake websites that look like trusted ones, potentially leading to theft of sensitive information or further attacks. The flaw is an open redirect: a link that appears to come from a trusted source actually takes the user to a malicious site, which is what makes it useful for phishing. To protect against this, users should be cautious when clicking on links and verify the authenticity of the website before entering any sensitive information.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | db2_recovery_expert | 5.5.0 | – |
Original title
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web...
Original description
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
nvd CVSS3.1
6.1
Vulnerability type
CWE-601
Open Redirect
- https://www.ibm.com/support/pages/node/7259901 Vendor Advisory Patch
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026