
CVE-2025-36098: CWE-770 Allocation of Resources Without Limits or Throttling in IBM Db2 for Linux, UNIX and Windows

Severity: Medium
Tags: Vulnerability, CVE-2025-36098, CWE-770
Published: Fri Jan 30 2026 (01/30/2026, 21:28:06 UTC)
Source: CVE Database V5
Vendor/Project: IBM
Product: Db2 for Linux, UNIX and Windows

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.

AI-Powered Analysis

Last updated: 01/30/2026, 22:00:05 UTC

Technical Analysis

CVE-2025-36098 is classified under CWE-770, allocation of resources without limits or throttling. It affects IBM Db2 for Linux, UNIX and Windows, including Db2 Connect Server, in versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3. An authenticated user can drive the server into excessive resource consumption and cause a denial of service. IBM's description says only that the cause is "improper allocation of resources"; it does not name the resource (memory, CPU, sort or temporary space, connection or agent slots) or the operation that triggers it, so defenders should not assume a single query pattern that can be blocked. The attack requires valid database credentials but no user interaction, which puts it within reach of insiders, compromised users, and any application or service account whose credentials sit in configuration files. The CVSS v3.1 base score is 6.5 (medium), reflecting high impact on availability and none on confidentiality or integrity. No public exploit has been reported, but the flaw threatens service continuity and stability on every system running the affected builds.

Potential Impact

For European organizations, the primary impact is on availability, as the vulnerability can cause denial of service by exhausting critical system resources. This can disrupt business operations, especially in sectors relying heavily on IBM Db2 databases such as banking, telecommunications, manufacturing, and government services. Downtime or degraded performance could lead to financial losses, regulatory non-compliance, and damage to reputation. Since the vulnerability requires authenticated access, insider threats or compromised credentials increase risk. Organizations with multi-tenant environments or cloud-hosted Db2 instances may face amplified risks due to shared resource pools. The lack of impact on confidentiality and integrity reduces risks of data breaches but does not diminish the operational threat posed by service interruptions.

Mitigation Recommendations

1. Apply the fix IBM provides for the affected 11.5 and 12.1 releases; IBM's security bulletin for CVE-2025-36098 lists the fixed builds. Until the fix is deployed, treat every credential that can connect to Db2 as able to take the database down.
2. Enforce least privilege: limit which accounts may connect at all, grant application accounts only the authorities they need, and revoke CONNECT from accounts that do not require direct database access.
3. Monitor per-session resource use (CPU time, rows read, sorts, memory pools, connection and agent counts) through the MON_GET_CONNECTION, MON_GET_ACTIVITY and MON_GET_MEMORY_POOL table functions, and alert when one session or authorization ID runs far above its baseline.
4. Use Db2 Workload Manager thresholds (estimated SQL cost, CPU time, temporary space, connections per member) with STOP EXECUTION, together with the instance and database configuration ceilings MAX_CONNECTIONS, MAX_COORDAGENTS and MAXAPPLS. Because IBM does not say which resource is exhausted, these caps shrink the blast radius but are not a substitute for the patch.
5. Audit user accounts and sessions regularly; disable inactive or suspicious accounts.
6. Restrict network access to the Db2 listener port to trusted hosts and application tiers with segmentation and firewall rules.
7. Enforce strong authentication, including multifactor authentication where the client stack supports it, and educate administrators about credential compromise.
8. Keep an incident response runbook for database availability loss that includes identifying the offending application handle and forcing it off (FORCE APPLICATION), restoring thresholds, and confirming the patch level.
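Items 3 and 4 above in concrete form. The following Db2 SQL is an added example written for this page; it is not from IBM's bulletin or from the page itself. It assumes a Db2 edition that licenses Workload Manager, WLMADM or DBADM authority to create thresholds and event monitors, and that the limits used here (500 connections per member, 1,000,000 timerons, 10 CPU minutes, 2 GB of sort space) are illustrative values to be tuned against the real workload. It generalizes item 4 to the three resource classes named in the analysis (connections, CPU, memory and temporary space) and pairs each threshold with the monitoring query an operator would use to find the session that tripped it.

```sql
-- Added example: Db2 WLM thresholds plus triage queries for CVE-2025-36098.
-- Not IBM's code. Limits are illustrative assumptions; tune them per workload.
-- Run from the Db2 CLP while connected to the database: db2 -tvf this_file.sql

-- Event monitors so threshold violations and the collected activity data are
-- written to tables (names derive from the monitor name, e.g.
-- THRESHOLDVIOLATIONS_DB2THRESHOLDVIOLATIONS).
CREATE EVENT MONITOR DB2THRESHOLDVIOLATIONS FOR THRESHOLD VIOLATIONS WRITE TO TABLE;
SET EVENT MONITOR DB2THRESHOLDVIOLATIONS STATE 1;
CREATE EVENT MONITOR DB2ACTIVITIES FOR ACTIVITIES WRITE TO TABLE;
SET EVENT MONITOR DB2ACTIVITIES STATE 1;

-- Connection slots: cap connections per member so one client cannot exhaust
-- agent and connection resources. Enforced per member (assumed limit: 500).
CREATE THRESHOLD MAXCONN_PER_MEMBER
  FOR DATABASE ACTIVITIES
  ENFORCEMENT MEMBER
  WHEN TOTALMEMBERCONNECTIONS > 500
  STOP EXECUTION;

-- CPU: abort any single activity that burns more than 10 CPU minutes, checking
-- every 30 seconds, and record the statement so the trigger can be analysed.
CREATE THRESHOLD MAXCPU_PER_ACTIVITY
  FOR DATABASE ACTIVITIES
  ENFORCEMENT DATABASE
  WHEN CPUTIME > 10 MINUTES CHECKING EVERY 30 SECONDS
  COLLECT ACTIVITY DATA WITH DETAILS
  STOP EXECUTION;

-- Optimizer cost: reject statements the optimizer already estimates as huge
-- before they start consuming memory and sort space (assumed 1,000,000 timerons).
CREATE THRESHOLD MAXEST_COST
  FOR DATABASE ACTIVITIES
  ENFORCEMENT DATABASE
  WHEN ESTIMATEDSQLCOST > 1000000
  COLLECT ACTIVITY DATA WITH DETAILS
  STOP EXECUTION;

-- Temporary space: stop an activity whose sort/temp usage passes 2 GB.
CREATE THRESHOLD MAXTEMP_PER_ACTIVITY
  FOR DATABASE ACTIVITIES
  ENFORCEMENT DATABASE
  WHEN SQLTEMPSPACE > 2 G
  COLLECT ACTIVITY DATA WITH DETAILS
  STOP EXECUTION;

-- Triage query 1: live connections ranked by CPU, to spot a session far above
-- its peers. TOTAL_CPU_TIME is reported in microseconds.
SELECT APPLICATION_HANDLE, SESSION_AUTH_ID, CLIENT_IPADDR, APPLICATION_NAME,
       TOTAL_CPU_TIME / 1000000 AS CPU_SECONDS,
       ROWS_READ, TOTAL_SORTS, NUM_LOCKS_HELD
  FROM TABLE(MON_GET_CONNECTION(NULL, -1)) AS C
 ORDER BY TOTAL_CPU_TIME DESC
 FETCH FIRST 10 ROWS ONLY;

-- Triage query 2: memory pools of this database; a pool that keeps growing
-- after the attacker's session starts points at the resource being exhausted.
SELECT MEMORY_SET_TYPE, MEMORY_POOL_TYPE, MEMORY_POOL_USED / 1024 AS USED_MB
  FROM TABLE(MON_GET_MEMORY_POOL(NULL, CURRENT SERVER, -1)) AS M
 ORDER BY MEMORY_POOL_USED DESC
 FETCH FIRST 10 ROWS ONLY;

-- Triage query 3: what the thresholds have actually stopped, most recent first.
-- AGENT_ID is the application handle of the session that tripped the threshold.
SELECT THRESHOLDID, TIME_OF_VIOLATION, AGENT_ID, THRESHOLD_ACTION
  FROM THRESHOLDVIOLATIONS_DB2THRESHOLDVIOLATIONS
 ORDER BY TIME_OF_VIOLATION DESC
 FETCH FIRST 20 ROWS ONLY;

-- Manual response once a handle is identified (12345 is a placeholder):
-- CALL SYSPROC.ADMIN_CMD('FORCE APPLICATION (12345)');
```

Two design points. The thresholds are defined at database scope, so they also apply to administrators and maintenance jobs (large REORG or RUNSTATS runs can exceed a cost or CPU limit); in production, scope them to the service class that the application accounts run in, or exempt a maintenance service class. And because the advisory does not identify which resource the flaw exhausts, the four thresholds are a belt-and-braces set rather than a targeted block: they bound the damage one session can do until the IBM fix is installed, but they do not remove the defect.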


Technical Details

Data Version
5.2
Assigner Short Name
ibm
Date Reserved
2025-04-15T21:16:14.712Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 697d25d9ac063202227d3646

Added to database: 1/30/2026, 9:42:49 PM

Last enriched: 1/30/2026, 10:00:05 PM

Last updated: 2/6/2026, 10:03:14 PM

