
Improper Neutralization of Special Elements in Data Query Logic

CVE-2025-36185

Severity Medium
Score 6.2/10

Summary

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
