CVE-2025-1991
BaseFortify
Publication date: 2025-06-28
Last updated on: 2025-08-14
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | informix_dynamic_server | 12.10 |
| ibm | informix_dynamic_server | 14.10 |
| ibm | informix_dynamic_server | 15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-1991 is a vulnerability in IBM Informix Dynamic Server where an integer underflow occurs during the processing of protocol packets. This flaw allows a remote attacker to cause a denial-of-service (DoS) attack by exploiting this integer underflow. The vulnerability affects versions 12.10, 14.10, and 15.0 of the server and does not require any privileges or user interaction to be exploited. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to cause a denial-of-service (DoS) condition on your IBM Informix Dynamic Server. This means the server could become unavailable or crash, affecting the availability of your database services. There is no impact on confidentiality or integrity, but the availability impact is high. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade IBM Informix Dynamic Server to the fixed versions: 14.10.xC11W2 or 12.10.xC16W2, which are available from IBM Fix Central under Informix Server fixes. Users should follow the Informix Servers documentation for proper upgrade instructions. No other workarounds or mitigations are provided. [1]