- Description
- IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
- Products
- db2
CVSS 3.1
- Type
- Primary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
- Severity
- HIGH
- psirt@us.ibm.com
- CWE-611
- Hype score
- Not currently trending
CVE-2025-36247 (CVSS:7.1, HIGH) is Analyzed. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vul..https://t.co/NH09mCMZTO #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
22 Feb 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36247 XML External Entity Injection Vulnerability in IBM Db2 11... https://t.co/j2IXIr9L1A Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
17 Feb 2026
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2025-36247 - IBM - Db2 for Linux, UNIX and Windows - https://t.co/krHLVSqda2 #OSINT #ThreatIntel #CyberSecurity #cve-2025-36247 #ibm #db2-for-linux-unix-and-windows
@RedPacketSec
17 Feb 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36247 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (X… https://t.co/VJihCArtZe
@CVEnew
17 Feb 2026
131 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461",
"versionEndIncluding": "11.5.9",
"versionStartIncluding": "11.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*",
"matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8",
"versionEndIncluding": "11.5.9",
"versionStartIncluding": "11.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27",
"versionEndIncluding": "11.5.9",
"versionStartIncluding": "11.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "2AA1764B-CD82-4B33-B85B-27CA2F7C0ED5",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*",
"matchCriteriaId": "8F63D92C-AC19-4FB0-A605-08DC01875E7B",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E28DCDF3-EF5B-47D6-BD38-C98334B67BE4",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]