PT-2025-46921 · IBM · AIX

Published: 2025-11-13 · Updated: 2025-11-28 · CVE-2025-36096

CVSS v3.1: 9.0
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM AIX versions 7.2 and 7.3
IBM VIOS versions 3.1 and 4.1

Description

The software stores NIM private keys used in NIM environments in an insecure manner, making them susceptible to unauthorized access by an attacker employing man-in-the-middle techniques. The NIM server, previously known as the NIM master service (nimesis), may allow a remote attacker to traverse directories and write arbitrary files on the system by sending a specially crafted URL request.

Recommendations

IBM AIX version 7.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
IBM AIX version 7.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
IBM VIOS version 3.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
IBM VIOS version 4.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2025-36096

Affected Products

AIX
IBM AIX
VIOS