CVE-2025-2669
MediumCVSS 6.0Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
A vulnerability in IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
Risk Assessment
The risk involves potential privilege escalation by a privileged user, which could lead to data confidentiality breaches and unauthorized access to sensitive information within the database environment.
Recommendation
It is recommended to immediately upgrade IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data to the latest available version that includes a fix for this vulnerability.
Original NVD description (English source)
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.

