CVE-2025-36384

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36384
IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.

8.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7257678 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*
History

No history.

Information

Published : 2026-01-30 22:15

Updated : 2026-02-05 19:57

NVD link : CVE-2025-36384

Mitre link : CVE-2025-36384

CVE.ORG link : CVE-2025-36384

JSON object : View

Products Affected

ibm

  • db2
CWE
CWE-428

Unquoted Search Path or Element