Remote Command Execution Vulnerability in IBM AIX and VIOS
CVE-2025-36250
10 CRITICAL
What is CVE-2025-36250?
An improper process control vulnerability in the NIM server resources of IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 could permit remote attackers to execute arbitrary commands. This flaw exposes additional attack vectors for a previously reported issue, so system administrators should apply security patches and strengthen monitoring to protect against unauthorized command execution.
Affected Version(s)
AIX 7.2
AIX 7.3
VIOS 3.1
References
CVSS V3.1
Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.