PT-2025-46924 · Ibm · Aix+2
Published: 2025-11-13 · Updated: 2025-11-28
CVE-2025-36251
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM AIX versions 7.2 and 7.3
IBM VIOS versions 3.1 and 4.1
Description
The nimsh service's SSL/TLS implementations in IBM AIX and VIOS are susceptible to improper process controls, potentially enabling a remote attacker to execute arbitrary commands. Additionally, the IBM AIX NIM server (formerly known as NIM master) service (nimesis) may allow a remote attacker to traverse directories and write arbitrary files to the system by sending a specially crafted URL request.
Recommendations
IBM AIX version 7.2
IBM AIX version 7.3
IBM VIOS version 3.1
IBM VIOS version 4.1
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Aix
Ibm Aix
Vios