CVE-2025-13755
IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets
CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
0th
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.
| CWE | CWE-532 |
| Vendor | ibm |
| Product | db2 |
| Published | May 26, 2026 |
| Last Updated | May 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for ibm db2
Be the first to know when new medium vulnerabilities affecting ibm db2 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
IBM / Db2
11.5.0 ≤ 11.5.9 12.1.0 ≤ 12.1.4