AI description
CVE-2025-36250 affects IBM AIX versions 7.2 and 7.3, as well as IBM VIOS versions 3.1 and 4.1. The vulnerability lies within the NIM server (formerly known as NIM master) service, specifically nimesis. A remote attacker could exploit this vulnerability to execute arbitrary commands due to improper process controls. This CVE addresses additional attack vectors related to a vulnerability previously addressed in CVE-2024-56346. To resolve this, it is recommended to update the NIM server and VIOS to patch the improper process controls.
- Description: IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.
- Source: psirt@us.ibm.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@us.ibm.com: CWE-114
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 10
🚨Alert🚨: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236). -------------------- CVE-2025-36250 (CVSS 10.0): Remote Command Execution via nimesis https
@HunterMapping
17 Nov 2025
1106 Impressions
5 Retweets
9 Likes
7 Bookmarks
0 Replies
0 Quotes
🚨🚨Critical Vulnerabilities in IBM CVE-2025-36250 (CVSS 10.0): RCE via nimesis CVE-2025-36251 (CVSS 9.6): RCE via nimsh CVE-2025-36096 (CVSS 9.0): Exposure of NIM Private Keys ZoomEye Dork👉app="IBM AIX" Over 7.4m exposed IBM AIX instances. ZoomEye Link: https://t.co/S5N
@zoomeye_team
17 Nov 2025
2121 Impressions
9 Retweets
21 Likes
5 Bookmarks
0 Replies
0 Quotes
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236) https://t.co/XHQ3xFncik 『(literal translation) AIX
@taku888infinity
17 Nov 2025
678 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CRITICAL: CVE-2025-36250 in IBM AIX/VIOS (7.2, 7.3, 3.1, 4.1) lets remote attackers run arbitrary commands—no auth needed! Patch ASAP, restrict NIM access. https://t.co/bQRN3oQSJY #OffSeq #CVE202536250 #IBM #... https://t.co/hrjaesVPme
@offseq
14 Nov 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-36250: CRITICAL] Vulnerability alert: IBM AIX 7.2/7.3 and IBM VIOS 3.1/4.1 NIM server risk remote code execution. Update to prevent unauthorized access and protect against security threats. #cve, CVE-2025-36250, #cybersecurity https://t.co/aBQueFkZsk https://t.co/HcWrULAMn
@CveFindCom
13 Nov 2025
60 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
**CVE ID:** CVE-2025-36250 **Severity:** Critical (CVSS 10.0) **Attack Vector:** Network **Privileges Required:** None **User Interaction:** None **Scope:** Changed (affects components beyond the scope of the initial vulnerability) **Confidentiality, Integrity,
@CveTodo
13 Nov 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes