CVE Vulnerabilities

CVE-2025-27899

Cleartext Storage of Sensitive Information in an Environment Variable

Published: Feb 17, 2026 | Modified: Feb 26, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.

Weakness

The product uses an environment variable to store unencrypted sensitive information.

Affected Software

NameVendorStart VersionEnd Version
Db2_recovery_expertIbm5.5.0-interim_fix_002 (including)5.5.0-interim_fix_002 (including)

Potential Mitigations

References