IBM has released critical security updates addressing two severe vulnerabilities in its AIX operating system that could allow remote attackers to execute arbitrary commands on affected systems.
Both vulnerabilities stem from improper process controls in essential IBM AIX services.
Critical Flaws in IBM AIX Services
The first vulnerability, CVE-2025-36251, affects the Nimsh service and its SSL/TLS implementations. This critical flaw could enable remote attackers to bypass security controls and execute unauthorized commands.
The vulnerability carries a CVSS base score of 9.6, indicating severe risk across network-accessible systems. The attack requires network access but no authentication or user interaction, making it particularly dangerous for exposed systems.
The second vulnerability, CVE-2025-36250, impacts the NIM server service (nimesis), formerly known as NIM master. This flaw is even more critical, receiving a perfect CVSS score of 10.0.
| CVE ID | CVE-2025-36251 | CVE-2025-36250 |
| Affected Service | IBM AIX nimsh service | IBM AIX NIM server (nimesis) |
| Vulnerability Type | SSL/TLS implementation flaw | Improper process controls |
| CWE Classification | CWE-114: Process Control | CWE-114: Process Control |
| CVSS Base Score | 9.6 | 10.0 |
| Attack Vector (AV) | Network | Network |
Like the first vulnerability, it stems from improper process controls that fail to properly restrict command execution.
Attackers can exploit this remotely without requiring authentication or user interaction, potentially compromising the entire infrastructure.
Both vulnerabilities represent additional attack vectors for issues previously addressed in CVE-2024-56347 and CVE-2024-56346.
This indicates that IBM’s earlier patches may not have comprehensively eliminated all exploitation paths, necessitating these additional security updates.
The vulnerabilities are classified under CWE-114: Process Control, a weakness category focusing on improper management of processes and their permissions.
Exploitation could result in complete system compromise, including unauthorized data access, modification, and denial-of-service attacks.
IBM AIX administrators should prioritize patching these vulnerabilities immediately. The NIM services are critical components used for managing and deploying IBM AIX systems across enterprise environments.
Exploitation could allow attackers to gain control over multiple systems simultaneously. Organizations running IBM AIX should review their current patch levels and apply the latest security updates from IBM.
Additionally, implementing network segmentation and restricting access to NIM and nimsh services to trusted networks can provide temporary mitigation.
Security teams should look for unusual activity and use tools to detect attacks. These vulnerabilities underscore the importance of maintaining current patch levels on critical infrastructure components.
Organizations dependent on IBM AIX should establish regular security update procedures and closely monitor IBM security advisories for emerging threats.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
