CVE-2025-36251

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM AIX versions 7.2 and 7.3 IBM VIOS versions 3.1 and 4.1

Description The

nimsh

service’s SSL/TLS implementations in IBM AIX and VIOS are susceptible to improper process controls, potentially enabling a remote attacker to execute arbitrary commands. Additionally, the IBM AIX NIM server (formerly known as NIM master) service (

nimesis

) may allow a remote attacker to traverse directories and write arbitrary files to the system by sending a specially crafted URL request.

Recommendations IBM AIX version 7.2 IBM AIX version 7.3 IBM VIOS version 3.1 IBM VIOS version 4.1

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-114

Related Identifiers

CVE-2025-36251

Affected Products

Aix

Ibm Aix

Vios

CVE-2025-36251

Weakness Enumeration

Related Identifiers

Affected Products

References · 18