Information disclosure in IBM DB2 LUW - CVE-2025-36131
Published: November 12, 2025
Vulnerability identifier: #VU118365
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-36131
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM DB2 LUW
IBM DB2 LUW
Detailed vulnerability description
The vulnerability allows an attacker with physical access to the system to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. An attacker with physical access to the system can gain unauthorized access to sensitive information.
How to mitigate CVE-2025-36131
Install updates from vendor's website.