CVE-2025-36238
Unknown
Unknown - Not Provided
Information Disclosure in IBM PowerVM Hypervisor Virtual TPM
Publication date: 2026-02-02
Last updated on: 2026-02-19
Assigner: IBM Corporation
Description
Description
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | powervm_hypervisor | fw1060.00 |
| ibm | powervm_hypervisor | fw1060.10 |
| ibm | powervm_hypervisor | fw1060.12 |
| ibm | powervm_hypervisor | fw1060.20 |
| ibm | powervm_hypervisor | fw1060.21 |
| ibm | powervm_hypervisor | fw1060.40 |
| ibm | powervm_hypervisor | fw1060.41 |
| ibm | powervm_hypervisor | fw1060.50 |
| ibm | powervm_hypervisor | fw1060.51 |
| ibm | powervm_hypervisor | fw1110.00 |
| ibm | powervm_hypervisor | fw1110.01 |
| ibm | powervm_hypervisor | fw1110.03 |
| ibm | powervm_hypervisor | fw950.00 |
| ibm | powervm_hypervisor | fw950.10 |
| ibm | powervm_hypervisor | fw950.11 |
| ibm | powervm_hypervisor | fw950.20 |
| ibm | powervm_hypervisor | fw950.30 |
| ibm | powervm_hypervisor | fw950.40 |
| ibm | powervm_hypervisor | fw950.50 |
| ibm | powervm_hypervisor | fw950.60 |
| ibm | powervm_hypervisor | fw950.70 |
| ibm | powervm_hypervisor | fw950.71 |
| ibm | powervm_hypervisor | fw950.80 |
| ibm | powervm_hypervisor | fw950.90 |
| ibm | powervm_hypervisor | fw950.a0 |
| ibm | powervm_hypervisor | fw950.b0 |
| ibm | powervm_hypervisor | fw950.c0 |
| ibm | powervm_hypervisor | fw950.c1 |
| ibm | powervm_hypervisor | fw950.c2 |
| ibm | powervm_hypervisor | fw950.d0 |
| ibm | powervm_hypervisor | fw950.d1 |
| ibm | powervm_hypervisor | fw950.e0 |
| ibm | powervm_hypervisor | fw950.e1 |
| ibm | powervm_hypervisor | fw950.f0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM PowerVM Hypervisor versions FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 allows a local user with administrative privileges to obtain sensitive information from a Virtual TPM by exploiting certain PowerVM service procedures.
How can this vulnerability impact me? :
An attacker with local administrative privileges could exploit this vulnerability to access sensitive information stored in a Virtual TPM, potentially compromising the confidentiality of cryptographic keys or other protected data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70