IBM Db2 CVE-2025-1493 Race Condition DoS Vulnerability Advisory

Critical Vulnerability Information Vulnerability Overview CVE ID: CVE-2025-1493 Description: IBM Db2 for Linux, UNIX, and Windows (including Db2 Connect Server) may allow an authenticated user to cause a denial of service when concurrently executing shared resources. CWE: CWE-362: Concurrent Execution using Shared Resources without Proper Synchronization ("Race Condition") CVSS Score CVSS Base Score: 5.3 CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions Affected Product: IBM® Db2® Versions: 12.1.0 - 12.1.1 Applicable Edition: Server Remediation Fix Package: Special builds containing temporary fixes are available for download from Fix Central. Download Links: - V12.1.0: Special Build #52131 or later, Download Link - V12.1.1: Special Build #54779 or later, Download Link Notes IBM will not disclose critical Db2 functionality or reproduction steps to avoid providing excessive information to potential malicious actors. Starting December 31, 2025, Db2 versions 11.1 and 10.5 will no longer receive security fixes, as they will reach end-of-support (EoS). Additional Information Reference Documentation: Complete CVSS v3 Guide, Online Calculator v3 Related Links: IBM Security Engineering Network Portal, IBM Product Security Incident Response Blog

Goal Reached Thanks to every supporter — we hit 100%!

IBM Db2 CVE-2025-1493 Race Condition DoS Vulnerability Advisory