CVE-2025-27904
Received Received - Intake

Cross-Site Request Forgery in IBM DB2 Recovery Expert

Vulnerability report for CVE-2025-27904, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-17

Last updated on: 2026-02-26

Assigner: IBM Corporation

Description

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-17
Last Modified
2026-02-26
Generated
2026-07-06
AI Q&A
2026-02-17
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
ibm db2_recovery_expert 5.5.0
ibm db2_recovery_expert 5.5.0
ibm db2_recovery_expert 5.5.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

IBM Db2 Recovery Expert for Linux, UNIX and Windows version 5.5 Interim Fix 002 is vulnerable to a cross-site request forgery (CSRF) attack.

This vulnerability allows an attacker to execute malicious and unauthorized actions by tricking a user into submitting requests that the website trusts.

Mitigation Strategies

I don't know

Detection Guidance

I don't know

Impact Analysis

An attacker exploiting this vulnerability could perform unauthorized actions on behalf of a legitimate user without their consent.

While the vulnerability does not impact confidentiality or availability, it can cause high impact on integrity by allowing unauthorized modifications or actions.

Compliance Impact

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-27904. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart