CVE-2025-36423: CWE-1284 Improper Validation of Specified Quantity in Input in IBM Db2 for Linux, UNIX and Windows
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
AI Analysis
Technical Summary
CVE-2025-36423 is a vulnerability in IBM Db2 for Linux, UNIX, and Windows versions 12.1.0 through 12.1.3, including Db2 Connect Server. It is classified as CWE-1284 (Improper Validation of Specified Quantity in Input); IBM's description attributes the denial of service to improper neutralization of special elements in data query logic. The flaw allows a local user with privileges to craft input that disrupts the database's query processing, causing the Db2 service to crash or become unresponsive and thereby impacting availability. Confidentiality and integrity of data are not affected. Exploitation requires local access with some privileges but no user interaction, so the threat comes primarily from insiders or compromised local accounts. No public exploits have been reported to date; the vulnerability carries a CVSS v3.1 base score of 6.5, indicating medium severity. It matters because IBM Db2 is widely used in enterprise environments for critical data management, and a DoS condition could disrupt business operations. With no patch available at the time of reporting, risk must be mitigated immediately through access controls and monitoring. The vulnerability was reserved in April 2025 and published in January 2026, a recent discovery and disclosure timeline.
Potential Impact
For European organizations, the primary impact of CVE-2025-36423 is the potential for denial of service on critical IBM Db2 database servers. This can lead to operational disruptions, affecting business continuity, especially in sectors relying heavily on database availability such as finance, manufacturing, telecommunications, and public services. Since the vulnerability requires local access, the risk is heightened in environments where local user privileges are not tightly controlled or where insider threats exist. The disruption of database services can delay transaction processing, data retrieval, and application functionality, potentially causing financial losses and reputational damage. Additionally, in regulated industries, prolonged downtime could lead to compliance issues. Although confidentiality and integrity are not directly impacted, the availability loss can indirectly affect data reliability and service trustworthiness. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure. European organizations with extensive IBM Db2 deployments must consider this vulnerability in their risk assessments and incident response planning.
Mitigation Recommendations
1. Apply official IBM patches and updates as soon as they become available for Db2 versions 12.1.0 through 12.1.3.
2. Restrict local user privileges on Db2 servers to the minimum necessary, enforcing the principle of least privilege to reduce the risk of exploitation by local users.
3. Implement strict access controls and monitoring on systems hosting Db2 to detect and prevent unauthorized local access.
4. Use host-based intrusion detection systems (HIDS) to monitor for unusual database process crashes or abnormal query patterns indicative of exploitation attempts.
5. Regularly audit user accounts and permissions on Db2 servers to identify and remove unnecessary or dormant accounts.
6. Employ network segmentation to isolate critical database servers from less trusted network zones, limiting the attack surface.
7. Develop and test incident response procedures specifically addressing database availability incidents to ensure rapid recovery.
8. Educate system administrators and security teams about this vulnerability and the importance of monitoring local user activities on database servers.
9. Consider deploying application-layer firewalls or database activity monitoring tools that can detect anomalous query inputs or behaviors related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:17:02.754Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 697d25daac063202227d3688
Added to database: 1/30/2026, 9:42:50 PM
Last enriched: 1/30/2026, 9:58:26 PM
Last updated: 2/6/2026, 11:45:23 PM