CVE-2025-36384 - Vulnerability Details - OpenCVE

IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7257678

History

Fri, 30 Jan 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.
Title		IBM Db2 Privilege Escalation
First Time appeared		Ibm Ibm db2
Weaknesses		CWE-428
CPEs		cpe:2.3:a:ibm:db2:12.1.0:::::windows:: cpe:2.3:a:ibm:db2:12.1.3:::::windows::
Vendors & Products		Ibm Ibm db2
References		https://www.ibm.com/support/pages/node/7257678
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-01-30T21:27:48.473Z

Updated: 2026-01-30T21:39:43.997Z

Reserved: 2025-04-15T21:16:57.301Z

Link: CVE-2025-36384

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-30T22:15:54.440

Modified: 2026-01-30T22:15:54.440

Link: CVE-2025-36384

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36384", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:57.301Z", "datePublished": "2026-01-30T21:27:48.473Z", "dateUpdated": "2026-01-30T21:39:43.997Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*", "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:windows:*:*"], "defaultStatus": "unaffected", "product": "Db2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [{"lessThanOrEqual": "12.1.3", "status": "affected", "version": "12.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. </p><br>"}], "value": "IBM Db2 for Windows\u00a012.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-01-30T21:39:43.997Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7257678"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.</p><p> </p><div><table><tbody><tr><td><strong>Release</strong></td><td><strong>Fixed in mod pack</strong></td><td><strong>APAR</strong></td><td><strong>Download URL</strong></td></tr><tr><td><p>V12.1</p></td><td><p>TBD</p></td><td><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000004ubV/dt449794\">DT449794</a></p></td><td><p>Special Build #72296 or later for V12.1.2 available at this link:</p><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads\">https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads</a><br><br>Special Build #71609 or later for V12.1.3 available at this link:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads\">https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads</a></p></td></tr></tbody></table></div><br>"}], "value": "Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.2 and V12.1.3. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\u00a0\n\nReleaseFixed in mod packAPARDownload URLV12.1\n\nTBD\n\n https://www.ibm.com/support/pages/db2-v1212-published-cumulative-special-build-downloads \n\nSpecial Build #71609 or later for V12.1.3 available at this link:\n https://www.ibm.com/support/pages/db2-v1213-published-cumulative-special-build-downloads"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Db2 Privilege Escalation", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}