- Description: IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.
- Source: psirt@us.ibm.com
- NVD status: Analyzed
- Products: vios, aix
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@us.ibm.com
- CWE-114
#VulnerabilityReport #CriticalVulnerability Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal https://t.co/mzOmYs8gRp
@Komodosec
23 Dec 2025
⚠️Vulnerabilities in IBM products ❗CVE-2025-36250 ❗CVE-2025-36251 ➡️More info: https://t.co/YBpUaF2rGE https://t.co/im5xnFoFII
@CERTpy
28 Nov 2025
IBM AIX vulnerabilities CVE-2025-36250/36251 fixed: arbitrary command execution by remote attackers https://t.co/RGy80B0xoS The vulnerabilities found: NIM/Nimsh, which is central to AIX
@iototsecnews
28 Nov 2025
🔴 #IBM AIX, Command Injection, #CVE-2025-36250 (Critical) https://t.co/rr3wBZ9qlz
@dailycve
20 Nov 2025
Use CVE-2025-36236 to drop a malicious payload in a system directory. Use CVE-2025-36250 to execute it remotely without authentication. Use CVE-2025-36251 to hijack secure connections. Use CVE-2025-36096 to steal private keys and pivot to every other AIX server on the network
@marc_vanlommel
19 Nov 2025
Multiple serious NIM-related vulnerabilities in IBM AIX (CVE-2025-36250, CVE-2025-36096, CVE-2025-36251) https://t.co/dFy0d6XtG5 #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
19 Nov 2025
⚠️⚠️ CVE-2025-36250(CVSS 10.0): Critical IBM AIX RCE Flaw Exposes NIM Private Keys and Risks Directory Traversal 🎯FOFA Link: https://t.co/kZUlIz2euu FOFA Query: app="IBM-AIX" 🔖Refer: https://t.co/Iqoof7CpfF #OSINT #FOFA #CyberSecurity #Vulnerability https://t.co/vyS
@fofabot
17 Nov 2025
🚨Alert🚨:AIX is vulnerable to arbitrary command execution (CVE-2025-36251,CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236). -------------------- CVE-2025-36250 (CVSS 10.0) : Remote Command Execution via nimesis https
@HunterMapping
17 Nov 2025
🚨🚨Critical Vulnerabilities in IBM CVE-2025-36250 (CVSS 10.0): RCE via nimesis CVE-2025-36251 (CVSS 9.6): RCE via nimsh CVE-2025-36096 (CVSS 9.0): Exposure of NIM Private Keys ZoomEye Dork👉app="IBM AIX" Over 7.4m exposed IBM AIX instances. ZoomEye Link: https://t.co/S5N
@zoomeye_team
17 Nov 2025
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236) https://t.co/XHQ3xFncik "(Literal translation) AIX
@taku888infinity
17 Nov 2025
🚨 CRITICAL: CVE-2025-36250 in IBM AIX/VIOS (7.2, 7.3, 3.1, 4.1) lets remote attackers run arbitrary commands—no auth needed! Patch ASAP, restrict NIM access. https://t.co/bQRN3oQSJY #OffSeq #CVE202536250 #IBM #... https://t.co/hrjaesVPme
@offseq
14 Nov 2025
[CVE-2025-36250: CRITICAL] Vulnerability alert: IBM AIX 7.2/7.3 and IBM VIOS 3.1/4.1 NIM server risk remote code execution. Update to prevent unauthorized access and protect against security threats.#cve,CVE-2025-36250,#cybersecurity https://t.co/aBQueFkZsk https://t.co/HcWrULAMn
@CveFindCom
13 Nov 2025
**CVE ID:** CVE-2025-36250 **Severity:** Critical (CVSS 10.0) **Attack Vector:** Network **Privileges Required:** None **User Interaction:** None **Scope:** Changed (affects components beyond the scope of the initial vulnerability) **Confidentiality, Integrity,
@CveTodo
13 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:vios:3.1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "3939ADB4-5177-45C2-9C29-932E81D27F9E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ibm:vios:4.1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "AB8BDD68-E15D-460F-855E-72DF774D6A1F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]