CVE-2025-36186

Description

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

CVSS Details

CVSS Score

7.4

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:* - VULNERABLE

cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:* - VULNERABLE

IBM Db2 12.1.0 for Linux, UNIX, and Windows

IBM Db2 12.1.1 for Linux, UNIX, and Windows

IBM Db2 12.1.2 for Linux, UNIX, and Windows

IBM Db2 12.1.3 for Linux, UNIX, and Windows

IBM Db2 Connect Server (所有受影响的Db2版本)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-36186 PoC - IBM Db2 Local Privilege Escalation
# Note: This is a conceptual PoC for educational and security research purposes only
# Unauthorized access to computer systems is illegal

import os
import subprocess
import sys

def check_db2_installation():
    """Check if vulnerable IBM Db2 version is installed"""
    db2_paths = [
        '/opt/ibm/db2/V11.5',
        '/opt/ibm/db2/V12.1',
        'C:\\Program Files\\IBM\\DB2\\'
    ]
    
    for path in db2_paths:
        if os.path.exists(path):
            print(f'[+] Found Db2 installation at: {path}')
            return path
    
    print('[-] No Db2 installation found')
    return None

def check_privileges():
    """Check current user privileges"""
    if os.name == 'posix':
        result = subprocess.run(['id'], capture_output=True, text=True)
        print(f'[+] Current user: {result.stdout.strip()}')
    else:
        result = subprocess.run(['whoami'], capture_output=True, text=True)
        print(f'[+] Current user: {result.stdout.strip()}')

def exploit_db2_privilege_esc(db2_path):
    """
    Conceptual exploitation steps for CVE-2025-36186
    Actual exploitation requires specific conditions and configurations
    """
    print('[*] Attempting privilege escalation via Db2...')
    print('[*] This vulnerability exploits excessive privileges in Db2 configuration')
    print('[*] Exploitation requires:')
    print('    1. Local access to the system')
    print('    2. Db2 running with elevated privileges')
    print('    3. Specific configuration allowing privilege escalation')
    print('[*] Refer to IBM Security Bulletin for official remediation')

def main():
    print('=== CVE-2025-36186 IBM Db2 Privilege Escalation Check ===')
    check_privileges()
    db2_path = check_db2_installation()
    
    if db2_path:
        exploit_db2_privilege_esc(db2_path)
    else:
        print('[-] Target system does not appear to be vulnerable')

if __name__ == '__main__':
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-36186
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-36186
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-36186/
[4] VulDB https://vuldb.com/cve/CVE-2025-36186
[5] https://www.ibm.com/support/pages/node/7250486

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-36186", "sourceIdentifier": "[email protected]", "published": "2025-11-07T19:16:24.943", "lastModified": "2025-11-18T19:08:25.080", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.4, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-250"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:linux:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "2AA1764B-CD82-4B33-B85B-27CA2F7C0ED5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:unix:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "8F63D92C-AC19-4FB0-A605-08DC01875E7B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:windows:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.3", "matchCriteriaId": "E28DCDF3-EF5B-47D6-BD38-C98334B67BE4"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7250486", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}