Remote Command Execution Vulnerability in IBM AIX and VIOS
CVE-2025-36251

9.6CRITICAL

Key Information:

Vendor: IBM
Status: Aix; ViOS
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-36251?

The nimsh service in IBM AIX versions 7.2 and 7.3, as well as IBM VIOS versions 3.1 and 4.1, is vulnerable due to flawed SSL/TLS implementations. This flaw permits remote attackers to execute arbitrary commands, leveraging improper process controls. This vulnerability introduces new attack vectors, building on previously identified issues and stressing the need for urgent patching and system updates.

Affected Version(s)

AIX 7.2

AIX 7.3

VIOS 3.1

References

https://www.ibm.com/support/pages/node/7251173

vendor-advisorypatch

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

These vulnerabilities were reported to IBM by Oneconsult AG (https://oneconsult.com/), Jan Alsenz.

JSON