IBM AIX Flaw Allows Remote Attackers to Run Arbitrary Commands

IBM has released critical security updates addressing four severe vulnerabilities in AIX and VIOS systems that could allow remote attackers to execute arbitrary commands, steal credentials, and traverse system directories.

The vulnerabilities affect multiple AIX versions and require immediate patching.

The most critical vulnerability, CVE-2025-36250, carries a perfect 10.0 CVSS score and impacts the NIM server service.

CVE ID           CVSS Score   Vulnerability Type                      Impact
---------------  -----------  --------------------------------------  ----------------------------------
CVE-2025-36251   9.6          Process Control (Arbitrary Commands)    Remote Code Execution
CVE-2025-36250   10.0         Process Control (Arbitrary Commands)    Remote Code Execution
CVE-2025-36096   9.0          Insufficiently Protected Credentials    Credential Theft
CVE-2025-36236   8.2          Path Traversal                          Directory Traversal & File Write

CVE-2025-36250 allows unauthenticated remote attackers to execute arbitrary commands because of improper process controls in the nimesis service.

It covers additional attack vectors for an issue previously addressed in CVE-2024-56346, indicating that attackers have found new ways to exploit the underlying weakness.

CVE-2025-36251 is similarly dangerous, with a 9.6 CVSS score, and affects the Nimsh service’s SSL/TLS implementations.

This vulnerability enables remote command execution through inadequate process protections in the Network Installation Manager service. Like CVE-2025-36250, it builds upon vulnerabilities previously handled in CVE-2024-56347.

A third critical issue, CVE-2025-36096, with a CVSS score of 9.0, compromises the security of NIM private keys.

This vulnerability allows attackers to intercept and steal private keys used in NIM environments via man-in-the-middle attacks.

Attackers exploiting this flaw could gain unauthorized access to sensitive credentials, potentially leading to broader system compromise.

CVE-2025-36236 poses an additional threat with a CVSS score of 8.2. This path traversal vulnerability in the NIM server allows attackers to traverse directories and write arbitrary files to affected systems through specially crafted URL requests.

All four vulnerabilities require network connectivity to exploit. However, once an attacker establishes a connection to an affected host, no authentication or user interaction is required for successful exploitation.

The vulnerabilities impact AIX versions 7.2 and 7.3, as well as VIOS versions 3.1 and 4.1. Multiple filesets require patching, including bos.sysmgt.nim.client, bos.sysmgt.nim.master, and bos.sysmgt.sysbr across various version levels.

IBM has assigned APARs and released interim fixes, available through its security portal. Organizations should download the cumulative fixes from IBM’s efix repository (nim_fix2.tar).

IBM strongly recommends configuring NIM in SSL/TLS Secure mode using the nimconfig -c command before applying patches.

To identify affected systems, administrators can use the lslpp -L | grep -i bos.sysmgt.nim.client command to check installed filesets.
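The fileset check above is a single grep; the following added example (not from IBM's bulletin or the article) parses `lslpp -L` output for all three filesets named in the advisory, reports each one's installed level or marks it absent, and flags whether the host is a NIM master, so the levels can be compared against the fixed levels in IBM's bulletin. The lslpp output embedded here is a constructed sample so the script runs offline.

```shell
#!/bin/sh
# Added example: inventory the NIM filesets named in the advisory from
# `lslpp -L` output. On a real AIX/VIOS host, pipe the live command in:
#     lslpp -L | nim_fileset_levels

# Filesets the article lists as requiring patches.
NIM_FILESETS="bos.sysmgt.nim.client bos.sysmgt.nim.master bos.sysmgt.sysbr"

# Constructed sample of `lslpp -L` output (not captured from a real host).
SAMPLE_LSLPP='  Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
  bos.rte                   7.2.5.200    C     F    Base Operating System Runtime
  bos.sysmgt.nim.client     7.2.5.200    C     F    Network Install Manager - Client Tools
  bos.sysmgt.sysbr          7.2.5.201    C     F    System Backup and BOS Install Utilities'

# Read `lslpp -L` text on stdin; print "<fileset> <level>" for every advisory
# fileset, or "<fileset> NOT_INSTALLED" when the fileset is absent.
# Column 1 of lslpp -L is the fileset name and column 2 its level.
nim_fileset_levels() {
    awk -v want="$NIM_FILESETS" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) level[w[i]] = "NOT_INSTALLED"
        }
        ($1 in level) { level[$1] = $2 }
        END { for (i = 1; i <= n; i++) print w[i], level[w[i]] }'
}

# Return 0 when bos.sysmgt.nim.master is installed (the host is a NIM server,
# so the nimesis/nimsh fixes apply to it); return 1 otherwise.
# Argument: the `lslpp -L` text to inspect.
is_nim_master() {
    printf '%s\n' "$1" | nim_fileset_levels | grep -q '^bos.sysmgt.nim.master [0-9]'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_LSLPP" | nim_fileset_levels
if is_nim_master "$SAMPLE_LSLPP"; then
    echo "role: NIM master"
else
    echo "role: NIM client only"
fi
```

Any line reading NOT_INSTALLED means that fileset does not need the corresponding efix on this host; installed levels are then matched against the APAR levels in the IBM bulletin.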

The released fixes are cumulative and address previously issued AIX and VIOS NIM security bulletins.

Organizations running affected AIX or VIOS systems should prioritize applying these patches immediately.

The combination of unauthenticated remote code execution capabilities and the perfect 10.0 CVSS score for CVE-2025-36250 makes these vulnerabilities critical threats.

System administrators should verify their current AIX and VIOS versions, apply appropriate interim fixes corresponding to their technology levels, and enable secure NIM configuration to prevent future exploitation.
