CVE-2025-13108

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7260043	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::linux::
	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::unix::
	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::windows::

History

No history.

Information

Published : 2026-02-17 20:22

Updated : 2026-02-26 23:11

NVD link : CVE-2025-13108

Mitre link : CVE-2025-13108

CVE.ORG link : CVE-2025-13108

JSON object : View

Products Affected

ibm

db2_merge_backup

CWE

NVD-CWE-noinfo CWE-226

Sensitive Information in Resource Not Removed Before Reuse

{"id": "CVE-2025-13108", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-02-17T20:22:01.587", "references": [{"url": "https://www.ibm.com/support/pages/node/7260043", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-226"}]}], "descriptions": [{"lang": "en", "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources."}, {"lang": "es", "value": "IBM DB2 Merge Backup para Linux, UNIX y Windows 12.1.0.0 podr\u00eda permitir a un atacante acceder a informaci\u00f3n sensible en la memoria debido a que el b\u00fafer no libera los recursos correctamente."}], "lastModified": "2026-02-26T23:11:08.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "D4819D3E-34CC-4D0A-9BC5-3B0B2FF287C0"}, {"criteria": "cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "80F6A623-364C-4E5A-A20B-58F30FE1EF5F"}, {"criteria": "cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "2F54A9A5-0C7C-42A3-87C6-0DF353E88CD2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}