AI description
CVE-2025-36236 is a path traversal vulnerability that affects IBM AIX versions 7.2 and 7.3, as well as IBM VIOS versions 3.1 and 4.1. The vulnerability is located in the NIM (Network Installation Manager) server service, formerly known as NIM master, specifically in the nimesis service. A remote attacker could exploit this vulnerability by sending a specially crafted URL request to traverse directories on the system and write arbitrary files. This vulnerability is related to a previous issue addressed in CVE-2024-56346, suggesting that attackers have discovered new exploitation methods.
- Description: IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.
- Source: psirt@us.ibm.com
- NVD status: Analyzed
- Products: vios, aix
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity: CRITICAL
- psirt@us.ibm.com: CWE-22
- Hype score: Not currently trending
Use CVE-2025-36236 to drop a malicious payload in a system directory. Use CVE-2025-36250 to execute it remotely without authentication. Use CVE-2025-36251 to hijack secure connections. Use CVE-2025-36096 to steal private keys and pivot to every other AIX server on the network
@marc_vanlommel
19 Nov 2025
🚨Alert🚨: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236). -------------------- CVE-2025-36250 (CVSS 10.0): Remote Command Execution via nimesis https
@HunterMapping
17 Nov 2025
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236) https://t.co/XHQ3xFncik 『(Literal translation) AIX
@taku888infinity
17 Nov 2025
**CVE-2025-36236** is a high-severity vulnerability affecting IBM AIX versions 7.2 and 7.3, as well as IBM Virtual I/O Server (VIOS) versions 3.1 and 4.1. The flaw resides in the **NIM (Network Install Manager) server service (nimesis)**, which enables remote attackers to perform
@CveTodo
13 Nov 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:vios:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3939ADB4-5177-45C2-9C29-932E81D27F9E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:vios:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB8BDD68-E15D-460F-855E-72DF774D6A1F"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]