CVE-2025-36250
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-19
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | vios | 3.1.0 |
| ibm | vios | 4.1.0 |
| ibm | aix | 7.2 |
| ibm | aix | 7.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-114 | Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM AIX 7.2 and 7.3, and IBM VIOS 3.1 and 4.1 NIM server service (nimesis). It allows a remote attacker to execute arbitrary commands due to improper process controls in the NIM server. This means an attacker can run any commands they choose on the affected system without authorization.
How can this vulnerability impact me? :
The vulnerability can have a severe impact as it allows remote attackers to execute arbitrary commands with no privileges required and no user interaction needed. This can lead to complete compromise of confidentiality, integrity, and availability of the affected system, potentially allowing attackers to take full control.