Warning: Remote Code Execution in IBM AIX and IBM VIOS NIM server, Patch Immediately!

Published : 14/11/2025
  • Last update: 14-11-2025
  • Affected software:
    → IBM AIX: 7.2 and 7.3
    → IBM VIOS 3.1 and 4.1
  • Type: Remote Code Execution
  • CVE/CVSS
    → CVE-2025-36236: CVSS 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)
    → CVE-2025-36250: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    → CVE-2025-36251: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L)
    → CVE-2025-36096: CVSS 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

https://www.ibm.com/support/pages/node/7251173

Risks

Newly identified vulnerabilities in IBM AIX and IBM VIOS, specifically within the NIM server, allow attackers to remotely execute code, potentially exposing sensitive company data and disrupting operations.

IBM AIX, VIOS, and the NIM server are foundational components within many enterprise environments, supporting system provisioning, patch management, and large-scale infrastructure orchestration. These technologies play a central role in maintaining operational stability and ensuring consistent, secure deployments across mission-critical systems.

If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical businesses.

Description

A set of critical security vulnerabilities (CVE-2025-36251, CVE-2025-36250, CVE-2025-36096, and CVE-2025-36236) has been identified in IBM AIX systems. These issues encompass multiple high-impact attack vectors: arbitrary command execution, unauthorized retrieval of sensitive NIM private keys, and directory traversal. Collectively, these flaws present significant risk by enabling remote attackers to compromise system integrity, access confidential data, or manipulate filesystem structures.

In affected environments, attackers who can establish network connectivity to the targeted host may exploit these weaknesses through crafted requests or interaction with exposed AIX services. Successful exploitation could allow remote arbitrary command execution (CVE-2025-36251, CVE-2025-36250), extraction of critical Network Installation Manager (NIM) private keys (CVE-2025-36096), or traversal of directory paths to access unintended locations (CVE-2025-36236). All vulnerabilities have been addressed through the fixes referenced in the IBM bulletin.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://www.ibm.com/support/pages/node/7251173