CVE-2025-36096 PUBLISHED

AIX Insufficiently Protected Credentials

Assigner: ibm
Reserved: 15.04.2025 Published: 13.11.2025 Updated: 15.11.2025

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	AIX
Versions	Version 7.2 is affected Version 7.3 is affected

Vendor	IBM
Product	VIOS
Versions	Version 3.1 is affected Version 4.1 is affected

Solutions

IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin: https://www.ibm.com/support/pages/node/7251173

Credits

These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz. finder

References

https://www.ibm.com/support/pages/node/7251173

Problem Types

CWE-522 Insufficiently Protected Credentials CWE