CVE-2025-33012
Published: 07 November 2025
Summary
CVE-2025-33012 is a medium-severity Use of a Key Past its Expiration Date (CWE-324) vulnerability in Ibm Db2. Its CVSS base score is 6.3 (Medium).
Operationally, ranked at the 7.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-38310
Vulnerability details
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Key-management requirements enforce lifecycle controls that prevent continued use of expired or superseded keys.