Security Flaw in IBM AIX and VIOS Leading to Key Exposure
CVE-2025-36096

9CRITICAL

Key Information:

Vendor: IBM
Status: Aix; ViOS
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-36096?

The IBM AIX versions 7.2 and 7.3, along with IBM VIOS versions 3.1 and 4.1, contain a security flaw that improperly handles NIM private keys. This vulnerability exposes the keys to potential unauthorized access, where an attacker may exploit man-in-the-middle techniques to intercept and compromise these sensitive keys. This can lead to significant risks in environments utilizing Network Installation Management (NIM), underscoring the need for immediate attention and remediation.

Affected Version(s)

AIX 7.2

AIX 7.3

VIOS 3.1

References

https://www.ibm.com/support/pages/node/7251173

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.

JSON