CVE-2025-14689
Received Received - Intake

Denial of Service via Query Logic Flaw in IBM Db

Vulnerability report for CVE-2025-14689, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-17

Last updated on: 2026-02-18

Assigner: IBM Corporation

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-17
Last Modified
2026-02-18
Generated
2026-07-06
AI Q&A
2026-02-17
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
ibm db2 From 12.1.0 (inc) to 12.1.3 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.3 (inc)
ibm db2 From 12.1.0 (inc) to 12.1.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

I don't know

Detection Guidance

IBM has withheld detailed replication steps and key Db2 functionality information to prevent exploitation by malicious actors.

No specific detection commands or methods are provided in the available information.

Executive Summary

This vulnerability affects IBM Db2 federated server versions 12.1.0 through 12.1.3 on Unix platforms. It arises from improper neutralization of special elements in data query logic when queries involve federated objects. An authenticated user can exploit this flaw to cause a denial of service (DoS) condition, disrupting the availability of the database service.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) attack, which can make the IBM Db2 database service unavailable. Although it does not affect confidentiality or integrity of data, the high impact on availability means that users and applications relying on the database could experience service interruptions or outages.

Mitigation Strategies

Apply the special interim fix builds released by IBM to remediate the issue on affected versions.

  • For version 12.1.2, apply Special Build #72296 or later.
  • For version 12.1.3, apply Special Build #74153 or later.

These fixes can be downloaded from IBM Fix Central and are identified by APAR DT457502.

No other workarounds or mitigations are available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14689. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart