CVE-2025-36251
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-19
Assigner: IBM Corporation
Description
Description
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | vios | 3.1.0 |
| ibm | vios | 4.1.0 |
| ibm | aix | 7.2 |
| ibm | aix | 7.3 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-114 | Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM AIX 7.2, 7.3, and IBM VIOS 3.1 and 4.1 nimsh service SSL/TLS implementations. It allows a remote attacker to execute arbitrary commands due to improper process controls in the service. This vulnerability expands on previously addressed issues in CVE-2024-56347.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could remotely execute arbitrary commands on affected systems, potentially leading to full system compromise, data loss, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70