Exposure of Sensitive Information Through Environmental Variables

CVE-2025-27899

Medium

5.3/10

Summary

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-526 - Exposure of Sensitive Information Through Environmental Variables

Environmental variables may contain sensitive information about a remote server.

References

Advisory Timeline

Published Feb 17, 2026

Exposure of Sensitive Information Through Environmental Variables

CVE-2025-27899

Summary

CWE-526 - Exposure of Sensitive Information Through Environmental Variables

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS