Cyber Posture

CVE-2025-36247

Severity: High
Published: 17 February 2026
Modified: 18 February 2026
KEV Added: not listed
Patch: available
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
EPSS Score: 0.0024 (46.3rd percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-36247 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in IBM Db2. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 46.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly mitigates the XXE vulnerability by identifying, reporting, and applying vendor patches as recommended in IBM's security advisory.

prevent (SI-10 Information Input Validation): Prevents XXE exploitation by validating XML inputs to block malicious external entity references during Db2 XML processing.

prevent (CM-6 Configuration Settings): Enforces secure configuration of Db2's XML parsers to disable external entity processing and reflect least functionality.

MITRE ATT&CK Enterprise Techniques

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

XXE enables exploitation of the remote Db2 service (T1210) for local file disclosure (T1005) and memory-exhaustion denial of service (T1499.004), matching the high confidentiality and low availability impacts in the CVSS vector.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Deeper analysis

CVE-2025-36247 is an XML external entity injection (XXE) vulnerability, classified under CWE-611, affecting IBM Db2 for Linux, UNIX, and Windows, including Db2 Connect Server, in versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3. The issue occurs when the software processes XML data, potentially allowing injection of malicious external entities.

A remote attacker with low privileges can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation enables disclosure of sensitive information due to high confidentiality impact or consumption of memory resources resulting in limited availability impact, consistent with the CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L).

IBM provides details on mitigation and patches in its security advisory at https://www.ibm.com/support/pages/node/7259961.

Details

CWE(s)

CWE-611 Improper Restriction of XML External Entity Reference

Affected Products

IBM Db2: 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3

CVEs Like This One

CVE-2025-36442 (same product: IBM Db2)
CVE-2025-36070 (same product: IBM Db2)
CVE-2025-36384 (same product: IBM Db2)
CVE-2025-36184 (same product: IBM Db2)
CVE-2025-36365 (same product: IBM Db2)
CVE-2025-12531 (same vendor: IBM)
CVE-2026-1567 (same vendor: IBM)
CVE-2025-0162 (same vendor: IBM)
CVE-2024-49352 (same vendor: IBM)
CVE-2024-28766 (same vendor: IBM)

References

IBM security advisory: https://www.ibm.com/support/pages/node/7259961