CVE-2025-2669 - Vulnerability Details

Description

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.

Published: 2026-06-22

Score: 6 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data contain an improper token validation flaw that allows a privileged user to perform database operations and access sensitive information beyond their authorized scope. This flaw directly compromises data confidentiality and integrity by enabling unauthorized actions that should be restricted to the user’s granted privileges.

Affected Systems

Vulnerable versions include IBM Db2 on Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, and 5.3, as well as corresponding Db2 Warehouse on Cloud Pak for Data releases. The flaw exists in all listed editions and is only mitigated in the 5.4 release series.

Risk and Exploitability

The CVSS score of 6.0 indicates a moderate severity vulnerability. Exploitation requires a user with existing privileged access to the database environment, making the attack vector largely internal. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation at this time. However, because the flaw permits unauthorized escalation of privileges, administrators should prioritize remediation to prevent potential data breaches.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IBM

Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data

affected

Version	Status	Constraints
`4.8.0`	affected	—
`5.0.0`	affected	≤ 5.3.0

No data.

No data available yet.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerabilities now by upgrading to the latest IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data release containing the fix for these issues i.e to version 5.4. Please note: If the affected release is any refresh level of Cloud Pak for Data 4.8, 5.0, 5.1, 5.2, 5.2.2, 5.3.0 it is strongly recommended to upgrade to Cloud Pak for Data 5.4.ProductFixed in Fix PackInstructionsIBM® Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Datav5.4Db2 Warehouse: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=warehouse-upgradingDb2: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=db2-upgrading

OpenCVE Recommended Actions

Upgrade to IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data version 5.4 as released by IBM
Follow IBM’s fix pack instructions and perform a full system restart to ensure the updated tokens are enforced
Verify that system logs are audited and that no privileged users are executing unauthorized operations
If upgrading immediately is not feasible, block token usage from non‑trusted sources and enforce stricter token validation rules as a temporary measure

Generated by OpenCVE AI on June 22, 2026 at 14:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.ibm.com/support/pages/node/7277112

History

Mon, 22 Jun 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
Title		Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
First Time appeared		Ibm Ibm db2 On Cloud Pak For Data Ibm db2 Warehouse On Cloud Pak For Data
Weaknesses		CWE-295
CPEs		cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:4.8:::::::* cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.0:::::::* cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.1:::::::* cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.2:::::::* cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:5.3:::::::* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:4.8:::::::* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.0:::::::* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.1:::::::* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.2:::::::* cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:5.3:::::::*
Vendors & Products		Ibm Ibm db2 On Cloud Pak For Data Ibm db2 Warehouse On Cloud Pak For Data
References		https://www.ibm.com/support/pages/node/7277112
Metrics		cvssV3_1 `{'score': 6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L'}`

Subscriptions

Ibm Db2 On Cloud Pak For Data Db2 Warehouse On Cloud Pak For Data

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-06-22T13:18:42.153Z

Updated: 2026-06-22T13:18:42.153Z

Reserved: 2025-03-22T13:41:34.517Z

Link: CVE-2025-2669

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T14:30:05Z

Weaknesses

CWE-295
Improper Certificate Validation

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object