Critical Vulnerability Information

Vulnerability Overview

CVE ID: CVE-2025-33092
Description: IBM Db2 for Linux, UNIX, and Windows (including Db2 Connect Server) is vulnerable to a stack buffer overflow due to improper boundary checking in db2fm. A local user can overflow the buffer and execute arbitrary code on the system.
CWE: CWE-121: Stack-based Buffer Overflow
CVSS Score: 7.8
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Operating Systems: Linux is affected; Unix and Windows are not affected.

Remediation

Fix Package: Customers can download special builds containing interim fixes for any vulnerable affected levels of V11.5 and V12.1.
Download Links:
- V11.5: https://www.ibm.com/support/pages/node/7087189
- V12.1: https://www.ibm.com/support/pages/db2-v1211-published-cumulative-special-build-downloads

Additional Information

Workarounds: None
Release Date: July 29, 2025