CVE-2025-14688 MEDIUM

CVE-2025-14688: IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations

Vendor Ibm
Product Db2
Weakness CWE-1284
Published April 30, 2026
Last update May 27, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist.

Key dates

02Disclosure timeline

April 30, 2026 CVE published
May 27, 2026 Record updated