CVE-2025-33130

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7260043	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::linux::
	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::unix::
	cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::windows::

History

20 Feb 2026, 21:01

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::linux:: cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::windows:: cpe:2.3:a:ibm:db2_merge_backup:12.1.0.0:::::unix::
First Time		Ibm db2 Merge Backup Ibm
References	~~() https://www.ibm.com/support/pages/node/7260043 -~~	() https://www.ibm.com/support/pages/node/7260043 - Vendor Advisory

18 Feb 2026, 17:51

Type	Values Removed	Values Added
Summary		(es) IBM DB2 Merge Backup para Linux, UNIX y Windows 12.1.0.0 podría permitir a un usuario autenticado provocar que el programa falle debido a la sobrescritura de un búfer cuando se asigna en la pila.

17 Feb 2026, 20:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-17 20:22

Updated : 2026-02-20 21:01

NVD link : CVE-2025-33130

Mitre link : CVE-2025-33130

CVE.ORG link : CVE-2025-33130

JSON object : View

Products Affected

ibm

db2_merge_backup

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

6.5 /10