CVE-2025-33012
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-11-19
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | db2 | From 10.5.0.0 (inc) to 10.5.0.11 (inc) |
| ibm | db2 | From 11.1.0 (inc) to 11.1.4.7 (inc) |
| ibm | db2 | From 11.5.0 (inc) to 11.5.9 (inc) |
| ibm | db2 | From 12.1.0 (inc) to 12.1.3 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-324 | The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Db2 versions 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux allows an authenticated user to regain access to their account even after it has been locked due to password expiration. Essentially, the system does not properly enforce the account lockout after the password expiration date, enabling continued access.
How can this vulnerability impact me?
This vulnerability can impact you by allowing users whose passwords have expired and whose accounts should be locked to still access the system. This could lead to unauthorized access, potentially compromising confidentiality, integrity, and availability of data and resources within the affected IBM Db2 environment.