AI description
CVE-2025-36096 affects IBM AIX versions 7.2 and 7.3, as well as IBM VIOS versions 3.1, and 4.1. The vulnerability stems from the insecure storage of NIM private keys used in NIM environments. This insecure storage makes the systems susceptible to unauthorized access via man-in-the-middle attacks. Successful exploitation of CVE-2025-36096 could lead to unauthorized data access, potentially compromising data privacy, system reliability, and trust. It can also disrupt system operations, potentially causing a complete denial of service.
- Description
- IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.
- Source
- psirt@us.ibm.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@us.ibm.com
- CWE-522
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
10
🚨Alert🚨:AIX is vulnerable to arbitrary command execution (CVE-2025-36251,CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236). -------------------- CVE-2025-36250 (CVSS 10.0) : Remote Command Execution via nimesis https
@HunterMapping
17 Nov 2025
1106 Impressions
5 Retweets
9 Likes
7 Bookmarks
0 Replies
0 Quotes
🚨🚨Critical Vulnerabilities in IBM CVE-2025-36250 (CVSS 10.0): RCE via nimesis CVE-2025-36251 (CVSS 9.6): RCE via nimsh CVE-2025-36096 (CVSS 9.0): Exposure of NIM Private Keys ZoomEye Dork👉app="IBM AIX" Over 7.4m exposed IBM AIX instances. ZoomEye Link: https://t.co/S5N
@zoomeye_team
17 Nov 2025
2121 Impressions
9 Retweets
21 Likes
5 Bookmarks
0 Replies
0 Quotes
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236) https://t.co/XHQ3xFncik 『(直訳)AIX
@taku888infinity
17 Nov 2025
678 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
IBM AIX CVE-2025-36096: NIM private keys stored insecurely, vulnerable to MITM attacks. When your enterprise Unix system treats cryptographic keys like post-it notes. https://t.co/Kmac7Qe3v6
@gothburz
15 Nov 2025
134 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 CRITICAL: IBM AIX 7.2/7.3 & VIOS 3.1/4.1 exposed to CVE-2025-36096 — insecure NIM private key storage risks MitM attacks & unauthorized access! 🔑 Harden your environment now. https://t.co/Slg7SrEGML #OffSeq ... https://t.co/DUjFFyEpnM
@offseq
14 Nov 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-36096: CRITICAL] Critical security vulnerability in IBM AIX 7.2, 7.3, and IBM VIOS 3.1, 4.1 could expose NIM private keys to unauthorized access, posing a risk of data compromise. #CyberSecurity#cve,CVE-2025-36096,#cybersecurity https://t.co/xNRSlS8rC1 https://t.co/IQow
@CveFindCom
13 Nov 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
**CVE-2025-36096** pertains to IBM AIX 7.2 and 7.3 versions, as well as IBM Virtual I/O Server (VIOS) versions 3.1 and 4.1. The core issue involves the storage of NIM (Network Installation Management) private keys in an insecure manner. These private keys are used within NIM
@CveTodo
13 Nov 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes