Security Vulnerability Report
中文
CVE-2025-36131 CVSS 4.6 MEDIUM

CVE-2025-36131

Published: 2025-11-07 19:16:24
Last Modified: 2025-11-19 16:28:27
Source: [email protected]

Description

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.

CVSS Details

CVSS Score
4.6
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE
cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE
cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:* - VULNERABLE
cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE
cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE
IBM Db2 11.1.0 - 11.1.4.7 (Linux/UNIX/Windows)
IBM Db2 11.5.0 - 11.5.9 (Linux/UNIX/Windows)
IBM Db2 12.1.0 - 12.1.3 (Linux/UNIX/Windows)
IBM Db2 Connect Server (all affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-36131 PoC - IBM Db2 clpplus Credential Exposure # Physical access required to exploit import subprocess import sys def check_credential_exposure(): """ Verify if clpplus exposes credentials in terminal output This PoC demonstrates the vulnerability by checking terminal history """ try: # Check if clpplus is installed result = subprocess.run(['which', 'clpplus'], capture_output=True, text=True) if result.returncode != 0: print("[-] clpplus command not found") return False print("[+] clpplus found at:", result.stdout.strip()) print("[+] Vulnerability: clpplus may expose credentials to terminal") print("[+] Attack vector: Physical access to system") print("[+] Recommendation: Upgrade to patched version") return True except Exception as e: print(f"[-] Error: {e}") return False def simulate_attack(): """ Simulate credential theft via physical access In real scenario: attacker views terminal output or history """ print("\n[!] Attack Simulation:") print("[!] Attacker gains physical access to system") print("[!] User runs: clpplus username/password@hostname") print("[!] Credentials visible in terminal output") print("[!] Attacker captures: username, password, hostname") print("[!] Attacker uses credentials for unauthorized database access") if __name__ == "__main__": print("=" * 60) print("CVE-2025-36131 - IBM Db2 clpplus Credential Exposure") print("=" * 60) check_credential_exposure() simulate_attack()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-36131", "sourceIdentifier": "[email protected]", "published": "2025-11-07T19:16:24.160", "lastModified": "2025-11-19T16:28:26.847", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-359"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "11.1.0", "versionEndIncluding": "11.1.4.7", "matchCriteriaId": "3B5A9A8A-5EE6-428A-8B3D-543B2F84D615"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "11.1.0", "versionEndIncluding": "11.1.4.7", "matchCriteriaId": "5971CCFD-FB34-4216-8A87-A4310EF34F23"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "11.1.0", "versionEndIncluding": "11.1.4.7", "matchCriteriaId": "960AA97F-0D2C-4B33-9754-69BC28399BCE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "2AA1764B-CD82-4B33-B85B-27CA2F7C0ED5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "8F63D92C-AC19-4FB0-A605-08DC01875E7B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "E28DCDF3-EF5B-47D6-BD38-C98334B67BE4"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7250484", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.