CVE-2025-36238
Information Disclosure in IBM PowerVM Hypervisor Virtual TPM

Publication date: 2026-02-02

Last updated on: 2026-02-19

Assigner: IBM Corporation

Description
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.
Meta Information
Published: 2026-02-02
Last Modified: 2026-02-19
Generated: 2026-06-16
AI Q&A: 2026-02-03
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 34 associated CPEs
Vendor Product Version / Range
ibm powervm_hypervisor fw1060.00
ibm powervm_hypervisor fw1060.10
ibm powervm_hypervisor fw1060.12
ibm powervm_hypervisor fw1060.20
ibm powervm_hypervisor fw1060.21
ibm powervm_hypervisor fw1060.40
ibm powervm_hypervisor fw1060.41
ibm powervm_hypervisor fw1060.50
ibm powervm_hypervisor fw1060.51
ibm powervm_hypervisor fw1110.00
ibm powervm_hypervisor fw1110.01
ibm powervm_hypervisor fw1110.03
ibm powervm_hypervisor fw950.00
ibm powervm_hypervisor fw950.10
ibm powervm_hypervisor fw950.11
ibm powervm_hypervisor fw950.20
ibm powervm_hypervisor fw950.30
ibm powervm_hypervisor fw950.40
ibm powervm_hypervisor fw950.50
ibm powervm_hypervisor fw950.60
ibm powervm_hypervisor fw950.70
ibm powervm_hypervisor fw950.71
ibm powervm_hypervisor fw950.80
ibm powervm_hypervisor fw950.90
ibm powervm_hypervisor fw950.a0
ibm powervm_hypervisor fw950.b0
ibm powervm_hypervisor fw950.c0
ibm powervm_hypervisor fw950.c1
ibm powervm_hypervisor fw950.c2
ibm powervm_hypervisor fw950.d0
ibm powervm_hypervisor fw950.d1
ibm powervm_hypervisor fw950.e0
ibm powervm_hypervisor fw950.e1
ibm powervm_hypervisor fw950.f0
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Executive Summary

This vulnerability in IBM PowerVM Hypervisor versions FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 allows a local user with administrative privileges to obtain sensitive information from a Virtual TPM by exploiting certain PowerVM service procedures.

Impact Analysis

An attacker with local administrative privileges could exploit this vulnerability to access sensitive information stored in a Virtual TPM, potentially compromising the confidentiality of cryptographic keys or other protected data.
