Due to several software vulnerabilities, attackers can attack IBM Db2 and, in the worst case, completely compromise instances. To prevent this, admins should install the secure versions.
Malicious code loophole
The most dangerous vulnerability is a security hole (CVE-2025-33092″high”) through which malicious code can slip through. The basis for such attacks is a memory error triggered by attackers. It is not yet clear how such an attack could actually take place. According to a warning message, the client and server editions of Db2 are at risk. This affects Db2 versions 11.5.0 up to and including 11.5.9 and 12.1.0 up to and including 12.1.2.
To prepare systems against the described attack, admins must install the special builds linked in the warning message.
Another vulnerability (CVE-2025-24970) is classified as”high”. It affects the Netty application framework. Attackers can provoke crashes at this point. A special build should also provide a remedy here.
Further dangers
The remaining vulnerabilities are classified as”medium”. Attackers can usually create DoS states at these points without authentication, which results in crashes. Admins can find the versions equipped against this in the linked warning messages (sorted by threat level in descending order):
(des)
Don’t miss any news – follow us on
Facebook,
LinkedIn or
Mastodon.
This article was originally published in
German.
It was translated with technical assistance and editorially reviewed before publication.
Dieser Link ist leider nicht mehr gültig.
Links zu verschenkten Artikeln werden ungültig,
wenn diese älter als 7 Tage sind oder zu oft aufgerufen wurden.
Sie benötigen ein heise+ Paket, um diesen Artikel zu lesen. Jetzt eine Woche unverbindlich testen – ohne Verpflichtung!