CVE-2025-0915: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 contain a vulnerability (CVE-2025-0915) that could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources. The vulnerability was disclosed on May 5, 2025, and specifically affects the Linux platform, while Unix and Windows platforms are not affected (IBM Security, NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. The weakness is categorized as CWE-770: Allocation of Resources Without Limits or Throttling. The vulnerability stems from improper handling of memory resource allocation and release under specific configurations (IBM Security, Wiz).

The successful exploitation of this vulnerability could result in a denial of service condition. The attack requires network access and low privileges, but has high complexity. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (IBM Security).

IBM has released special builds containing interim fixes for the affected versions. For V11.5.9, users can download Special Build #55285 or later, and for V12.1.1, Special Build #54779 or later is available. These special builds can be applied to any affected level of the appropriate release to remediate the vulnerability. No workarounds or alternative mitigations have been provided (IBM Security).