CVE-2025-13755— IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets

CVSS 5.5 · Medium EPSS 0.01% · P2 Updated May 27, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

Vendor	Product	Version Range	Status
IBM	Db2	`11.5.0≤ 11.5.9`	affected
		`12.1.0≤ 12.1.4`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-13755

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets

Source: NVD (National Vulnerability Database)

Vulnerability Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过日志文件的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM Db2 日志信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM Db2是美国国际商业机器（IBM）公司的一套关系型数据库管理系统。 IBM Db2 11.5.0至11.5.9版本和12.1.0至12.1.4版本存在日志信息泄露漏洞，该漏洞源于在日志文件中存储潜在敏感信息，可能导致本地用户读取。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
IBM	Db2	11.5.0 ~ 11.5.9	`cpe:2.3:a:ibm:db2:11.5.0:::::::*`

II. Public POCs for CVE-2025-13755

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-13755

请登录查看更多情报信息。

Vendor Advisories for CVE-2025-13755 (1)

🔗 Security Bulletin: IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets (CVE-2025-13755)vendor-advisorypatch

https://nvd.nist.gov/vuln/detail/CVE-2025-13755

Same Patch Batch · IBM · 2026-05-26 · 20 CVEs total

CVE-2026-3660	9.8 CRITICAL	IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Byp
CVE-2026-8633	9.8 CRITICAL	IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by
CVE-2026-8855	8.1 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8834	8.0 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8856	7.7 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8850	7.5 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8620	7.5 HIGH	IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by
CVE-2026-8854	7.5 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8835	7.3 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-4051	7.2 HIGH	IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth R
CVE-2026-3603	7.1 HIGH	IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entit
CVE-2025-36126	6.4 MEDIUM	IBM Cognos Analytics is affected by Cross-site scripting.
CVE-2026-8852	6.2 MEDIUM	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2025-36148	5.4 MEDIUM	IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to c
CVE-2025-36145	5.4 MEDIUM	Multiple Vulnerabilities in watsonx.data
CVE-2025-14290	5.4 MEDIUM	IBM webMethods Integration Sever is vulnerable to server-side request forgery
CVE-2025-36221	5.3 MEDIUM	Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
CVE-2025-36220	4.3 MEDIUM	Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
CVE-2026-9170		IBM HTTP Server is affected by multiple vulnerabilities

IV. Related Vulnerabilities

Same product: Db2

Same vendor: IBM

Same weakness: CWE-532

V. Comments for CVE-2025-13755

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-13755— IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

I. Basic Information for CVE-2025-13755

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-13755

III. Intelligence Information for CVE-2025-13755

Vendor Advisories for CVE-2025-13755 (1)

Same Patch Batch · IBM · 2026-05-26 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-13755

Leave a comment