Unrated severityNVD Advisory· Published Nov 7, 2025· Updated Nov 7, 2025

IBM Db2 information disclosure

CVE-2025-36131

Description

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.

Affected products

IBM/Db2v52 versions
cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:db2:11.1.0:*:*:*:*:*:*:*range: 11.1.0
- (no CPE)range: 11.1.0 - 11.1.4.7, 11.5.0 - 11.5.9, 12.1.0 - 12.1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7250484mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000