AI description
CVE-2025-36251 affects IBM AIX versions 7.2 and 7.3, as well as IBM VIOS versions 3.1 and 4.1. It involves the nimsh service SSL/TLS implementations and could allow a remote attacker to execute arbitrary commands due to improper process controls. This vulnerability introduces additional attack vectors, building upon a previously addressed vulnerability, CVE-2024-56347. Successful exploitation could allow an attacker to execute arbitrary commands remotely, potentially compromising system integrity and confidentiality, and gaining unauthorized access to affected IBM AIX and VIOS systems. The attack can be launched over a network with low complexity, requiring minimal user interaction. It is recommended to apply vendor-provided patches immediately, restrict network access to the nimsh service, and implement strict network segmentation as mitigation strategies.
- Description
- IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.
- Source
- psirt@us.ibm.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.6
- Impact score
- 6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
- Severity
- CRITICAL
- psirt@us.ibm.com
- CWE-114
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
10
🚨Alert🚨:AIX is vulnerable to arbitrary command execution (CVE-2025-36251,CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236). -------------------- CVE-2025-36250 (CVSS 10.0) : Remote Command Execution via nimesis https
@HunterMapping
17 Nov 2025
1106 Impressions
5 Retweets
9 Likes
7 Bookmarks
0 Replies
0 Quotes
🚨🚨Critical Vulnerabilities in IBM CVE-2025-36250 (CVSS 10.0): RCE via nimesis CVE-2025-36251 (CVSS 9.6): RCE via nimsh CVE-2025-36096 (CVSS 9.0): Exposure of NIM Private Keys ZoomEye Dork👉app="IBM AIX" Over 7.4m exposed IBM AIX instances. ZoomEye Link: https://t.co/S5N
@zoomeye_team
17 Nov 2025
2121 Impressions
9 Retweets
21 Likes
5 Bookmarks
0 Replies
0 Quotes
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236) https://t.co/XHQ3xFncik 『(直訳)AIX
@taku888infinity
17 Nov 2025
678 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
IBM AIX CVE-2025-36251: CVSS 9.6 RCE via nimsh service SSL/TLS implementation. Additional attack vectors for previously patched CVE-2024-56347. Three IBM AIX CVEs this week suggest broader NIM infrastructure review needed. https://t.co/ECBOgnSMLY
@gothburz
15 Nov 2025
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36251 IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper proce… https://t.co/4TQFemChhs
@CVEnew
14 Nov 2025
264 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-36251: CRITICAL] Vulnerability alert: IBM AIX 7.2/7.3 & VIOS 3.1/4.1 nimsh service SSL/TLS flaws allow remote attackers to run arbitrary commands. Patch available for CVE-2024-56347.#cve,CVE-2025-36251,#cybersecurity https://t.co/DUZNFPqOE3 https://t.co/z71IPRFMrI
@CveFindCom
13 Nov 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes