CVE-2025-36247

🗓️ 17 Feb 2026 17:13:06Reported by ibmType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 17 Views

CVE-2025-36247 IBM Db2 XXE vulnerability in XML processing; affects 11.5.0-11.5.9 and 12.1.0-12.1.3.

Reporter	Title	Published	Views	Family All 14
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)	6 Mar 202609:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Db2® is vulnerable to external entities parsing in XML (CVE-2025-36247)	9 Feb 202614:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerability in IBM Db2 affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.	15 May 202614:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server	19 Feb 202615:33	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.	16 Mar 202611:31	–	ibm
ATTACKERKB	CVE-2025-36247	17 Feb 202617:13	–	attackerkb
Circl	CVE-2025-36247	13 Feb 202615:00	–	circl
CNNVD	IBM Db2 代码问题漏洞	17 Feb 202600:00	–	cnnvd
CNVD	XML External Entity Injection Vulnerability in IBM Db2	2 Mar 202600:00	–	cnvd
Cvelist	CVE-2025-36247 IBM Db2 XML External Entity Reference	17 Feb 202617:13	–	cvelist

NVD

Vulners

Node

ibm db2Range11.5.0–11.5.9linux

ibm db2Range11.5.0–11.5.9unix

ibm db2Range11.5.0–11.5.9windows

ibm db2Range12.1.0–12.1.3linux

ibm db2Range12.1.0–12.1.3unix

ibm db2Range12.1.0–12.1.3windows

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:zos:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:zos:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:zos:*:*",
      "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:linux:*:*",
      "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:unix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:aix:*:*",
      "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:windows:*:*",
      "cpe:2.3:a:ibm:db2:12.1.3:*:*:*:*:zos:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Db2 for Linux, UNIX and Windows",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "11.5.9",
        "status": "affected",
        "version": "11.5.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "12.1.3",
        "status": "affected",
        "version": "12.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7259961

18 Feb 2026 19:23Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.17.1 - 8.2

EPSS0.00235

SSVC

CWE-611