CVE-2025-13108

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7260043	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::linux::
	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::unix::
	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::windows::

History

26 Feb 2026, 22:20

Type	Values Removed	Values Added
CWE		CWE-226

23 Feb 2026, 16:13

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::linux:: cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::windows:: cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::unix::
First Time		Ibm db2 Merge Backup Ibm
References	~~() https://www.ibm.com/support/pages/node/7260043 -~~	() https://www.ibm.com/support/pages/node/7260043 - Vendor Advisory

18 Feb 2026, 17:51

Type	Values Removed	Values Added
Summary		(es) IBM DB2 Merge Backup para Linux, UNIX y Windows 12.1.0.0 podría permitir a un atacante acceder a información sensible en la memoria debido a que el búfer no libera los recursos correctamente.

17 Feb 2026, 20:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-17 20:22

Updated : 2026-02-26 23:11

NVD link : CVE-2025-13108

Mitre link : CVE-2025-13108

CVE.ORG link : CVE-2025-13108

JSON object : View

Products Affected

ibm

db2_merge_backup

CWE

NVD-CWE-noinfo CWE-226

Sensitive Information in Resource Not Removed Before Reuse

{"id": "CVE-2025-13108", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-02-17T20:22:01.587", "references": [{"url": "https://www.ibm.com/support/pages/node/7260043", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-226"}]}], "descriptions": [{"lang": "en", "value": "IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources."}, {"lang": "es", "value": "IBM DB2 Merge Backup para Linux, UNIX y Windows 12.1.0.0 podr\u00eda permitir a un atacante acceder a informaci\u00f3n sensible en la memoria debido a que el b\u00fafer no libera los recursos correctamente."}], "lastModified": "2026-02-26T23:11:08.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "D4819D3E-34CC-4D0A-9BC5-3B0B2FF287C0"}, {"criteria": "cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "80F6A623-364C-4E5A-A20B-58F30FE1EF5F"}, {"criteria": "cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "2F54A9A5-0C7C-42A3-87C6-0DF353E88CD2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}