CVE-2025-36250 PUBLISHED

AIX Code Execution

Assigner: ibm
Reserved: 15.04.2025 Published: 13.11.2025 Updated: 15.11.2025

The NIM server (formerly known as NIM master) service (nimesis) in IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Product Status

Vendor IBM
Product AIX
Versions
  • Version 7.2 is affected
  • Version 7.3 is affected
Vendor IBM
Product VIOS
Versions
  • Version 3.1 is affected
  • Version 4.1 is affected

Solutions

IBM strongly recommends addressing the vulnerability by following the instructions in the fixes and remediation section of the IBM security bulletin: https://www.ibm.com/support/pages/node/7251173

Credits

  • These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz (finder).

Problem Types

  • CWE-114: Process Control