CVE-2025-36070
Published: 30 January 2026
Summary
CVE-2025-36070 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Ibm Db2. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 13.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-36070 is a denial-of-service vulnerability (CWE-770) in IBM Db2 for Linux, UNIX, and Windows, including Db2 Connect Server, affecting versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3. The issue occurs when a trap is triggered during SELECT operations on certain types of tables, with a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
An authenticated attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction. Exploitation triggers a trap that results in high-impact denial of service by disrupting database availability, without compromising confidentiality or integrity.
IBM provides details on mitigation, including available patches, in their security advisory at https://www.ibm.com/support/pages/node/7257624.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206553
Vulnerability details
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
DoS via trap on SELECT directly matches application exploitation for endpoint denial of service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the root cause by requiring timely application of the vendor patches IBM provides for the trap in SELECT processing.
Implements protections against resource-exhaustion and trap-induced denial of service that this CVE exploits via crafted table SELECTs.
Ensures graceful error handling for unexpected traps instead of allowing the database process to crash and cause full DoS.