Denial of Service Risk in IBM PowerVM Hypervisor by Local Privileged Users
CVE-2025-36035

6.7 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 14 September 2025

What is CVE-2025-36035?

A vulnerability exists in IBM PowerVM Hypervisor versions FW950.00 to FW950.E0, FW1050.00 to FW1050.50, and FW1060.00 to FW1060.40. The flaw allows a local privileged user to issue specially crafted IBM i hypervisor calls that disclose sensitive memory contents or exhaust memory resources, leading to a denial of service condition. Affected users should apply the recommended patches to mitigate this risk and maintain system integrity.

Affected Version(s)

PowerVM Hypervisor FW950.00

PowerVM Hypervisor FW1050.00

PowerVM Hypervisor FW1060.00

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
