CVE-2025-2534: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 versions 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) was identified with a vulnerability (CVE-2025-2534) that could lead to a denial of service condition. The vulnerability was disclosed on November 7, 2025, affecting the database server which may crash under certain conditions when processing a specially crafted query (IBM Security Bulletin).

The vulnerability has been assigned a CVSS Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. The weakness has been classified as CWE-789: Memory Allocation with Excessive Size Value. The vulnerability affects multiple platforms including Linux, AIX, Solaris, and Windows operating systems (IBM Security Bulletin).

When successfully exploited, this vulnerability can result in a denial of service condition where the database server may crash under specific circumstances when processing specially crafted queries. This could lead to service interruption for database operations (IBM Security Bulletin).

IBM has released special builds containing interim fixes for affected versions. The fixes are available based on the most recent level for each impacted release: V11.1.4 FP7, V11.5.9, V12.1.2 and V12.1.3. These special builds can be applied to any affected level of the appropriate release to remediate the vulnerability. No workarounds have been identified for this vulnerability (IBM Security Bulletin).