CVE-2025-3050: 
IBM Db2 vulnerability analysis and mitigation

CVE-2025-3050 affects IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1. The vulnerability was discovered and disclosed on May 29, 2025, allowing an authenticated user to cause a denial of service when using Q replication due to improper allocation of CPU resources (IBM Security).

The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling). It has been assigned a CVSS v3.1 Base Score of 5.3 MEDIUM with the following vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility with high attack complexity, requiring low privileges, no user interaction, and potentially resulting in high availability impact (IBM Security).

The primary impact of this vulnerability is on system availability. When exploited, it can cause a denial of service condition specifically when using Q replication functionality, due to improper allocation of CPU resources. This affects the system's availability while maintaining no impact on confidentiality or integrity (IBM Security).

IBM has released special builds containing interim fixes for affected versions. For V11.5.9, Special Build #58840 or later is available, and for V12.1.1, Special Build #59885 or later can be downloaded. These special builds can be applied to any affected mod pack level of the appropriate release to remediate the vulnerability. No workarounds have been identified (IBM Security).