CVE-2025-36117 MEDIUM

CVE-2025-36117: IBM Db2 Mirror for i session fixation

Vendor IBM
Product Db2 Mirror for i
Weakness CWE-384 · Session fixation
Published July 23, 2025
Last update August 18, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session ID after use, which could allow an authenticated user to impersonate another user on the system.

Key dates

02 Disclosure timeline

July 23, 2025 CVE published
August 18, 2025 Record updated