AI description
CVE-2025-36250 affects IBM AIX versions 7.2 and 7.3, as well as IBM VIOS versions 3.1 and 4.1. The vulnerability lies within the NIM server (formerly known as NIM master) service, specifically nimesis. A remote attacker could exploit this vulnerability to execute arbitrary commands due to improper process controls. This CVE addresses additional attack vectors related to a vulnerability previously addressed in CVE-2024-56346. To resolve this, it is recommended to update the NIM server and VIOS to patch the improper process controls.
- Description: IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.
- Source: psirt@us.ibm.com
- NVD status: Analyzed
- Products: vios, aix
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@us.ibm.com: CWE-114
#VulnerabilityReport #CriticalVulnerability Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal https://t.co/mzOmYs8gRp
@Komodosec
23 Dec 2025
⚠️Vulnerabilities in IBM products ❗CVE-2025-36250 ❗CVE-2025-36251 ➡️More info: https://t.co/YBpUaF2rGE https://t.co/im5xnFoFII
@CERTpy
28 Nov 2025
IBM AIX vulnerabilities CVE-2025-36250/36251 fixed: arbitrary command execution by remote attackers https://t.co/RGy80B0xoS As for the discovered vulnerabilities, the NIM/Nimsh that forms the core of AIX
@iototsecnews
28 Nov 2025
🔴 #IBM AIX, Command Injection, #CVE-2025-36250 (Critical) https://t.co/rr3wBZ9qlz
@dailycve
20 Nov 2025
Use CVE-2025-36236 to drop a malicious payload in a system directory. Use CVE-2025-36250 to execute it remotely without authentication. Use CVE-2025-36251 to hijack secure connections. Use CVE-2025-36096 to steal private keys and pivot to every other AIX server on the network
@marc_vanlommel
19 Nov 2025
Multiple severe vulnerabilities in IBM AIX NIM-related components (CVE-2025-36250, CVE-2025-36096, CVE-2025-36251) https://t.co/dFy0d6XtG5 #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
19 Nov 2025
⚠️⚠️ CVE-2025-36250(CVSS 10.0): Critical IBM AIX RCE Flaw Exposes NIM Private Keys and Risks Directory Traversal 🎯FOFA Link: https://t.co/kZUlIz2euu FOFA Query: app="IBM-AIX" 🔖Refer: https://t.co/Iqoof7CpfF #OSINT #FOFA #CyberSecurity #Vulnerability https://t.co/vyS
@fofabot
17 Nov 2025
🚨Alert🚨:AIX is vulnerable to arbitrary command execution (CVE-2025-36251,CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236). -------------------- CVE-2025-36250 (CVSS 10.0) : Remote Command Execution via nimesis https
@HunterMapping
17 Nov 2025
🚨🚨Critical Vulnerabilities in IBM CVE-2025-36250 (CVSS 10.0): RCE via nimesis CVE-2025-36251 (CVSS 9.6): RCE via nimsh CVE-2025-36096 (CVSS 9.0): Exposure of NIM Private Keys ZoomEye Dork👉app="IBM AIX" Over 7.4m exposed IBM AIX instances. ZoomEye Link: https://t.co/S5N
@zoomeye_team
17 Nov 2025
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236) https://t.co/XHQ3xFncik “(Literal translation) AIX
@taku888infinity
17 Nov 2025
🚨 CRITICAL: CVE-2025-36250 in IBM AIX/VIOS (7.2, 7.3, 3.1, 4.1) lets remote attackers run arbitrary commands—no auth needed! Patch ASAP, restrict NIM access. https://t.co/bQRN3oQSJY #OffSeq #CVE202536250 #IBM #... https://t.co/hrjaesVPme
@offseq
14 Nov 2025
[CVE-2025-36250: CRITICAL] Vulnerability alert: IBM AIX 7.2/7.3 and IBM VIOS 3.1/4.1 NIM server risk remote code execution. Update to prevent unauthorized access and protect against security threats. #cve, CVE-2025-36250, #cybersecurity https://t.co/aBQueFkZsk https://t.co/HcWrULAMn
@CveFindCom
13 Nov 2025
**CVE ID:** CVE-2025-36250 **Severity:** Critical (CVSS 10.0) **Attack Vector:** Network **Privileges Required:** None **User Interaction:** None **Scope:** Changed (affects components beyond the scope of the initial vulnerability) **Confidentiality, Integrity,
@CveTodo
13 Nov 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:vios:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3939ADB4-5177-45C2-9C29-932E81D27F9E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:vios:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB8BDD68-E15D-460F-855E-72DF774D6A1F"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]