What is CVE-2025-33012?

CVE-2025-33012 is a medium-severity vulnerability in Ibm Db2, classified under Use of a Key Past its Expiration Date. CVSS score: 6.3/10. Published 2025-11-07.

How severe is CVE-2025-33012?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Ibm Db2

CVE-2025-33012

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.

EPSS: 0.000 (7.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Ibm Db2 — versions 10.5.0, 11.1.0, 11.5.0

Weakness classification (CWE)

CWE-324 — Use of a Key Past its Expiration Date

References

www.ibm.com/support/pages/node/7250469 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-33012?: CVE-2025-33012 is a medium-severity vulnerability in Ibm Db2, classified under Use of a Key Past its Expiration Date. CVSS score: 6.3/10. Published 2025-11-07.
How severe is CVE-2025-33012?: Medium severity. CVSS v3 base score is 6.3 out of 10.