CVE-2025-36008: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 versions 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux (includes Db2 Connect Server) contains a vulnerability that could allow an authenticated user to cause a denial of service. This vulnerability specifically affects users running Highly Available automation using Pacemaker, including Mutual Failover, High Availability Disaster Recovery (HADR), pureScale, or Database Partitioning Feature (DPF). The vulnerability was disclosed on November 7, 2025, and was assigned CVE-2025-36008 (IBM Security).

The vulnerability is related to improper allocation of resources in IBM Db2 Pacemaker functionality. It has been assigned a CVSS Base Score of 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The weakness is categorized as CWE-770: Allocation of Resources Without Limits or Throttling. Only Linux systems are affected, while Unix and Windows implementations are not vulnerable (IBM Security).

If exploited, this vulnerability could allow an authenticated user to cause a denial of service in IBM Db2 environments that use Pacemaker for high availability features. This affects critical high-availability configurations including Mutual Failover, HADR, pureScale, and DPF implementations (IBM Security).

IBM has released special builds containing interim fixes for affected versions. Customers running vulnerable versions can download these fixes from Fix Central. Special builds are available for V11.5.9 (Build #69673 or later), V12.1.2, and V12.1.3. These can be applied to any affected level of the appropriate release to remediate the vulnerability. No workarounds are available for this vulnerability (IBM Security).