CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-36247

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.1%

CVSS Severity

CVSS v3 Score 7.1

References

https://www.ibm.com/support/pages/node/7259961

Products affected by CVE-2025-36247

Ibm » Db2 » Version: 11.5.0

cpe:2.3:a:ibm:db2:11.5.0
Ibm » Db2 » Version: 11.5.9

cpe:2.3:a:ibm:db2:11.5.9
Ibm » Db2 » Version: 12.1.0

cpe:2.3:a:ibm:db2:12.1.0
Ibm » Db2 » Version: 12.1.1

cpe:2.3:a:ibm:db2:12.1.1
Ibm » Db2 » Version: 12.1.2

cpe:2.3:a:ibm:db2:12.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-36247

Products

Pricing

Contact Us