PT-2025-46923 · IBM · AIX +2
Published: 2025-11-13 · Updated: 2025-12-23
CVE-2025-36250
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM AIX versions 7.2 and 7.3
IBM VIOS versions 3.1 and 4.1
Description
The NIM server (formerly known as NIM master) service (nimesis) in IBM AIX and IBM VIOS may allow a remote attacker to execute arbitrary commands and traverse directories on the system. An attacker could potentially send a specially crafted URL request to write arbitrary files. This issue addresses additional attack vectors for a previously addressed issue.
Recommendations
IBM AIX version 7.2
IBM AIX version 7.3
IBM VIOS version 3.1
IBM VIOS version 4.1
Restrict access to the NIM server.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
AIX
IBM AIX
VIOS