CVE-2025-33012 MEDIUM

CVE-2025-33012: IBM Db2 improper account lockout

Vendor IBM
Product Db2
Weakness CWE-324
Published November 7, 2025
Last update November 7, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

Key dates

02 Disclosure timeline

November 7, 2025 CVE published
November 7, 2025 Record updated