Security updates: IBM Db2 can be attacked in various ways

IBM's database management system Db2 has several security vulnerabilities. Admins should secure their instances promptly.

Several software vulnerabilities allow attackers to target IBM Db2 and, in the worst case, completely compromise instances. To prevent this, admins should install the secure versions.

The most dangerous vulnerability (CVE-2025-33092, "high") can let malicious code slip through. Such attacks are based on a memory error triggered by attackers. It is not yet clear how such an attack could actually take place. According to a warning message, the client and server editions of Db2 are at risk. This affects Db2 versions 11.5.0 up to and including 11.5.9 and 12.1.0 up to and including 12.1.2.

To protect systems against the described attack, admins must install the special builds linked in the warning message.

Another vulnerability (CVE-2025-24970) is classified as "high". It affects the Netty application framework. Attackers can provoke crashes there. A special build should also provide a remedy here.

The remaining vulnerabilities are classified as "medium". In most cases, attackers can trigger DoS conditions there without authentication, which results in crashes. Admins can find the versions protected against this in the linked warning messages (sorted by threat level in descending order):

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.