Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
IBM Db2: Authenticated User Can Crash the System
CVE-2025-13867
Summary
A security issue in IBM Db2 for Linux, UNIX, and Windows could allow an authenticated user to crash the system. This could happen when a user sends a specially crafted query, which could cause the system to become unresponsive. To fix this, update to a patched version of IBM Db2 or apply a temporary workaround.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | db2 | > 11.5.0 , <= 11.5.9 | – |
| ibm | db2 | > 11.5.0 , <= 11.5.9 | – |
| ibm | db2 | > 11.5.0 , <= 11.5.9 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
Original title
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neut...
Original description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic
nvd CVSS3.1
6.5
Vulnerability type
CWE-1284
- https://www.ibm.com/support/pages/node/7259963 Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026