
CVE-2025-36006: CWE-404 Improper Resource Shutdown or Release in IBM Db2

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-36006, cve, cve-2025-36006, cwe-404
Published: Fri Nov 07 2025 (11/07/2025, 19:04:05 UTC)
Source: CVE Database V5
Vendor/Project: IBM
Product: Db2

Description

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to the improper release of resources after use.
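An added example (not part of the CVE record or any IBM tooling) that triages an inventory of Db2 levels against the four affected ranges listed in the description. It assumes each level is available in dotted numeric form and treats the upper bound as a prefix, so 11.5.9.0 counts as inside "through 11.5.9"; host names and levels in the sample are constructed, and how an installation's reported level maps to this dotted form should be confirmed against IBM's bulletin.

```python
# Affected ranges copied from the CVE-2025-36006 description on this page.
AFFECTED_RANGES = [
    ("10.5.0", "10.5.11"),
    ("11.1.0", "11.1.4.7"),
    ("11.5.0", "11.5.9"),
    ("12.1.0", "12.1.3"),
]

def parse(version):
    """Turn '11.5.9.0' or 'v11.5.9.0' into a tuple of ints."""
    parts = version.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)

def _fit(t, n):
    """Pad with zeros or truncate so the tuple has exactly n components."""
    return (t + (0,) * n)[:n]

def is_affected(version):
    """True if the version falls inside one of the listed ranges."""
    ver = parse(version)
    for low, high in AFFECTED_RANGES:
        lo, hi = parse(low), parse(high)
        n = max(len(ver), len(lo))
        # Assumption: the upper bound matches as a prefix, so extra
        # trailing components (11.5.9.0) stay inside "through 11.5.9".
        if _fit(ver, n) >= _fit(lo, n) and _fit(ver, len(hi)) <= hi:
            return True
    return False

def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'check manually'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not listed"
        except ValueError:
            result[host] = "check manually"  # unparseable level string
    return result

# Constructed inventory: hypothetical hosts and levels, for illustration only.
SAMPLE_INVENTORY = {"db-a": "11.5.9.0", "db-b": "11.1.4.8", "db-c": "unknown"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

"not listed" means only that the level is outside the ranges named in this record, not that it has been confirmed as fixed.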

AI-Powered Analysis

Last updated: 11/07/2025, 19:21:29 UTC

Technical Analysis

CVE-2025-36006 is a vulnerability classified under CWE-404 (Improper Resource Shutdown or Release) affecting IBM Db2 database software versions 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 on Linux, UNIX, and Windows platforms, including Db2 Connect Server. The issue stems from improper handling and release of system or application resources after their use, which can lead to resource leaks or exhaustion. An authenticated user with network access but low privileges can exploit this flaw to cause a denial of service (DoS) by depleting resources, thereby impacting the availability of the database service. The CVSS v3.1 score is 6.5 (medium severity), reflecting that while the impact on confidentiality and integrity is none, the availability impact is high. Exploitation does not require user interaction, and the scope remains unchanged, meaning the vulnerability affects only the vulnerable component. Currently, there are no known exploits in the wild, and no official patches have been linked, though IBM is expected to release fixes. This vulnerability could be leveraged by insiders or attackers who have gained authenticated access to disrupt critical database operations, potentially affecting business continuity and service reliability.

Potential Impact

For European organizations, the primary impact is a denial of service on IBM Db2 database servers, which can disrupt business-critical applications relying on these databases. This can lead to operational downtime, loss of productivity, and potential financial losses. Industries such as finance, telecommunications, manufacturing, and public sector entities that depend heavily on IBM Db2 for transaction processing and data management are particularly at risk. Since the vulnerability requires authenticated access, the risk is elevated if internal users or compromised credentials are leveraged by attackers. The lack of impact on confidentiality and integrity reduces the risk of data breaches but does not mitigate the operational disruption caused by service unavailability. Organizations with stringent uptime requirements and service level agreements (SLAs) may face reputational damage if service interruptions occur. Additionally, the cross-platform nature of the vulnerability means that heterogeneous environments common in European enterprises are all potentially affected.

Mitigation Recommendations

1. Restrict authenticated user privileges to the minimum necessary to reduce the risk of exploitation by low-privilege users.
2. Monitor resource usage patterns on Db2 servers closely to detect abnormal resource consumption indicative of exploitation attempts.
3. Implement network segmentation and access controls to limit which users and systems can authenticate to Db2 instances.
4. Apply IBM security advisories and patches promptly once they become available to address this vulnerability.
5. Conduct regular audits of user accounts and authentication logs to identify suspicious activities.
6. Consider deploying database activity monitoring (DAM) solutions to detect and alert on anomalous behaviors related to resource usage.
7. Prepare incident response plans specifically addressing denial of service scenarios affecting database availability.
8. Test backup and recovery procedures to ensure rapid restoration in case of service disruption.


Technical Details

Data Version: 5.2
Assigner Short Name: ibm
Date Reserved: 2025-04-15T21:16:05.532Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690e449cdc0204d2f6657991

Added to database: 11/7/2025, 7:12:28 PM

Last enriched: 11/7/2025, 7:21:29 PM

Last updated: 11/7/2025, 8:17:13 PM

