CVE-2025-36247

Severity: HIGH
WAF Coverage: High
CVSS: 8.2
Published: 2026-02-17
CWE-611

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

WAF Coverage Analysis

XML External Entity (XXE): High WAF Coverage

OWASP: A05:2021 Security Misconfiguration

941xxx - XSS / XXE

Affected Software

Vendor   Product   Version
ibm      db2       11.5.0 - 11.5.9
ibm      db2       12.1.0 - 12.1.3
