CVE-2025-2518: 
IBM Db2 vulnerability analysis and mitigation

CVE-2025-2518 affects IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1. The vulnerability was discovered and disclosed on May 29, 2025, and allows a denial of service condition where the server may crash under certain conditions with a specially crafted query (IBM Security Bulletin, NVD).

The vulnerability is classified under CWE-789 (Memory Allocation with Excessive Size Value). It has been assigned a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating that it requires network access, has high attack complexity, requires low privileges, needs no user interaction, has unchanged scope, and can only impact availability (IBM Security Bulletin).

If successfully exploited, the vulnerability can result in a denial of service condition where the Db2 server may crash when processing specially crafted queries. This could lead to service disruption for systems relying on the affected Db2 installations (IBM Security Bulletin).

IBM has released special builds containing interim fixes for the affected versions. For V11.5.9, Special Build #58840 or later is available, and for V12.1.1, Special Build #59885 or later is available. These special builds can be applied to any affected mod pack level of the appropriate release to remediate the vulnerability. No workarounds are available (IBM Security Bulletin).