CVE-2025-36136

Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions.

CVSS Details

CVSS Score

5.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE

IBM Db2 11.5.0

IBM Db2 11.5.1

IBM Db2 11.5.2

IBM Db2 11.5.3

IBM Db2 11.5.4

IBM Db2 11.5.5

IBM Db2 11.5.6

IBM Db2 11.5.7

IBM Db2 11.5.8

IBM Db2 11.5.9

IBM Db2 12.1.0

IBM Db2 12.1.1

IBM Db2 12.1.2

IBM Db2 12.1.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-36136 PoC - IBM Db2 Local DoS via Monitor Script
# This PoC demonstrates how local user can trigger the monitor script issue
# Note: Actual exploitation requires specific conditions and DB2 environment

import subprocess
import time
import os

def check_db2_instance_status():
    """Check if DB2 instance is in problematic state"""
    try:
        # Check DB2 instance status using db2pd or similar tool
        result = subprocess.run(
            ['db2pd', '-instances'],
            capture_output=True,
            text=True,
            timeout=10
        )
        return result.stdout
    except Exception as e:
        return f"Error checking instance: {e}"

def trigger_monitor_script_issue():
    """
    Trigger the monitor script condition that causes incorrect
    'instance still starting' detection
    
    Note: This is a conceptual PoC. Actual exploitation requires:
    1. Local access to the DB2 server
    2. Specific DB2 version (11.5.0-11.5.9 or 12.1.0-12.1.3)
    3. Ability to manipulate instance state
    """
    print("[*] CVE-2025-36136 - IBM Db2 Monitor Script DoS PoC")
    print("[*] Target: IBM Db2 11.5.x / 12.1.x")
    
    # Step 1: Verify DB2 installation
    print("\n[1] Checking DB2 installation...")
    instance_info = check_db2_instance_status()
    print(f"Instance info: {instance_info}")
    
    # Step 2: Attempt to trigger the condition
    print("\n[2] Attempting to trigger monitor script issue...")
    print("[*] This requires specific conditions to be met:")
    print("    - DB2 instance in transitional state")
    print("    - Monitor script running with specific timing")
    
    # Step 3: Monitor for denial of service
    print("\n[3] Monitoring for DoS condition...")
    print("[*] If monitor script incorrectly detects 'still starting':")
    print("    - Database may become unresponsive")
    print("    - Connection attempts may fail")
    print("    - Service availability is compromised")
    
    return True

if __name__ == "__main__":
    trigger_monitor_script_issue()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-36136
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-36136
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-36136/
[4] VulDB https://vuldb.com/cve/CVE-2025-36136
[5] https://www.ibm.com/support/pages/node/7250485

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-36136", "sourceIdentifier": "[email protected]", "published": "2025-11-07T19:16:24.557", "lastModified": "2025-11-19T16:27:55.993", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.4, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "ECAF5576-B4A5-4DB7-94F0-942F656F0461"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "B1E165E8-F11B-4F13-B54A-90D29CA2ABF8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "11.5.0", "versionEndIncluding": "11.5.9", "matchCriteriaId": "727E2804-2D3D-4C31-A3E5-F99107D02A27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "2AA1764B-CD82-4B33-B85B-27CA2F7C0ED5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "8F63D92C-AC19-4FB0-A605-08DC01875E7B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "E28DCDF3-EF5B-47D6-BD38-C98334B67BE4"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7250485", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}