What is the CVSS score of CVE-2025-36184?

CVE-2025-36184 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-36184?

IBM Db2 instances running versions 11.5.0-11.5.9 are vulnerable to privilege escalation attacks where instance owners can execute code with root-level access.. A patch is available.

How to fix or mitigate CVE-2025-36184?

Within 24 hours: Identify all Db2 instances running versions 11.5.0-11.5.9 and assess which are exposed to untrusted instance owners. Within 7 days: Apply the available vendor patch to all affected Db2 systems in a staged approach starting with production environments. Within 30 days: Complete patching across all environments and validate patch effectiveness through security testing.

Windows CVE-2025-36184

HIGH

Execution with Unnecessary Privileges (CWE-250)

2026-01-30 psirt@us.ibm.com

Windows Linux IBM Db2

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

Patch released

Feb 05, 2026 - 20:07 nvd

Patch available

CVE Published

Jan 30, 2026 - 22:15 nvd

HIGH 7.2

DescriptionNVD

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

AnalysisAI

Technical ContextAI

Classified as CWE-250 (Execution with Unnecessary Privileges). Affects Db2. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

More from same product – last 7 days

CVE-2026-7524 CRITICAL Act Now

9.8 May 27

Remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.1 lets unauthenticated network attackers run arbitr

CVE-2026-8175 CRITICAL Act Now

9.8 May 27

Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Tra

CVE-2026-7876 CRITICAL Act Now

9.1 May 27

Authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 throu

CVE-2026-5065 HIGH This Week

8.8 May 27

Hard-coded credentials in IBM Controller (versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2) give attackers a static, embedded

CVE-2026-8179 HIGH This Week

8.8 May 27

Arbitrary code execution in IBM Aspera High-Speed Transfer Server and Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1)

CVE-2025-36184 vulnerability details – vuln.today

Back

Windows CVE-2025-36184

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code