CVE-2025-36096

9.0 CRITICAL

📋 TL;DR

IBM AIX and VIOS store the private keys used by the Network Installation Manager (NIM) insecurely. An attacker positioned on the network path between a NIM master and its clients can obtain these keys and use them to impersonate legitimate NIM systems or gain unauthorized access to NIM-managed hosts. Affected: AIX 7.2 and 7.3, and VIOS 3.1 through 4.1, on systems that use a NIM environment.

💻 Affected Systems

Products:
  • IBM AIX
  • IBM VIOS
Versions: AIX 7.2-7.3, VIOS 3.1-4.1
Operating Systems: AIX, VIOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only systems participating in a Network Installation Manager (NIM) environment (NIM master or NIM client) are exposed; hosts without NIM configured do not hold the affected keys.

📦 What is this software?

Network Installation Manager (NIM) is the AIX facility for installing, updating and maintaining AIX systems over the network from a central NIM master. VIOS (Virtual I/O Server) is the AIX-based appliance that provides virtualized storage and network I/O to LPARs on IBM Power systems and is commonly installed and maintained through NIM. Because NIM can push operating-system images, fixes and scripts to every client it manages, the keys that authenticate NIM master and clients to each other are high-value credentials.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of NIM-managed systems, allowing attackers to deploy malicious software, steal sensitive data, or disrupt operations across the entire AIX/VIOS environment.

🟠

Likely Case

Unauthorized access to NIM-managed systems, privilege escalation, and potential lateral movement within the network using intercepted credentials.

🟢

If Mitigated

Limited impact if network segmentation, strict access controls, and monitoring prevent man-in-the-middle attacks and unauthorized key usage.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a man-in-the-middle position on the network segment carrying NIM traffic and knowledge of the target's NIM environment. No public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: The fix packages (APARs / interim fixes) that the IBM bulletin lists for each affected AIX and VIOS level

Vendor Advisory: https://www.ibm.com/support/pages/node/7251173

Restart Required: Yes

Instructions:

1. Review the IBM advisory and identify the fix that matches your AIX or VIOS level (oslevel -s).
2. Download the appropriate fix from IBM Fix Central.
3. Apply the fix following the instructions in the IBM bulletin.
4. Restart the affected systems.
5. Verify that the fix is installed (see "How to Verify" below).

🔧 Temporary Workarounds

Network Segmentation

all

Isolate NIM traffic to trusted networks to prevent man-in-the-middle attacks

Access Control Restrictions

aix

Restrict access to the NIM directories and files that hold the private keys so that only root can read or write them. The path below is a placeholder; use the key location given in the IBM advisory or in your NIM master configuration.

chmod 600 /path/to/nim/private/keys
chown root:system /path/to/nim/private/keys
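The workaround above is a one-off chmod/chown. The script below is an added example, not code from the IBM advisory: it audits a directory of NIM key files for anything readable or writable by group or others, tightens every file to owner-only access, and re-checks. The key directory path and the sample file names are assumptions (the real location is in the advisory); the demo at the bottom runs against a constructed temporary directory so it touches no real keys.

```shell
#!/bin/sh
# Added example (not IBM's code). Audit and harden permissions on a directory
# of NIM private keys. The directory path is an assumption: pass the location
# from the IBM advisory or your NIM master configuration.

# Print each regular file under $1 whose mode grants read or write access to
# group or others. Returns 1 if any such file exists, 0 if the directory is clean.
# Octal -perm tests are used because they work on both AIX find and GNU find.
audit_key_perms() {
    dir="$1"
    findings=$(find "$dir" -type f \
        \( -perm -040 -o -perm -004 -o -perm -020 -o -perm -002 \) 2>/dev/null)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Print each regular file under $1 that is not owned by root.
# Returns 1 if any such file exists, 0 otherwise.
audit_key_owner() {
    dir="$1"
    findings=$(find "$dir" -type f ! -user root 2>/dev/null)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Tighten every regular file under $1 to mode 0600. When running as root on a
# system that has the AIX "system" group, also set ownership to root:system
# as the workaround above does; otherwise ownership is left unchanged.
harden_key_perms() {
    dir="$1"
    find "$dir" -type f -exec chmod 600 {} \;
    if [ "$(id -u)" -eq 0 ] && grep -q '^system:' /etc/group 2>/dev/null; then
        find "$dir" -type f -exec chown root:system {} \;
    fi
}

# Demo on a constructed sample directory; no real NIM keys are involved.
sample=$(mktemp -d)
printf 'constructed key material\n' > "$sample/nim_master.key"
chmod 644 "$sample/nim_master.key"      # deliberately too loose
printf 'constructed key material\n' > "$sample/nim_client.key"
chmod 600 "$sample/nim_client.key"      # already correct
echo "Before hardening, files with group/other access:"
audit_key_perms "$sample" || echo "-> $sample needs hardening"
harden_key_perms "$sample"
echo "After hardening:"
audit_key_perms "$sample" && echo "-> $sample is clean"
rm -rf "$sample"
```

Run the audit function on its own from cron or a compliance job to catch keys that drift back to loose permissions after a NIM reconfiguration; the non-zero return code makes it usable directly as a check.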

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate NIM traffic from untrusted networks
  • Monitor NIM-related network traffic for unusual patterns and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Confirm the AIX or VIOS level with oslevel -s and whether the host is a NIM master or NIM client. If it is within the affected ranges and NIM is configured, treat it as vulnerable until the fix from the IBM advisory is installed. The advisory lists the exact fileset levels that are affected.

Check Version:

oslevel -s

Verify Fix Applied:

Confirm that the fix named in the IBM bulletin is installed: check the OS level with oslevel -s and list installed interim fixes with emgr -l (or query a specific APAR with instfix -ik). Then confirm that the NIM private key files are owned by root and not readable by group or others.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to NIM directories
  • Unexpected NIM authentication failures
  • Suspicious file access patterns in NIM key storage locations

Network Indicators:

  • Unusual NIM network traffic patterns
  • Man-in-the-middle attack indicators on NIM network segments

SIEM Query:

source="aix_logs" AND (event="unauthorized_access" OR event="nim_auth_failure")

(Illustrative query; the source and event field names are placeholders to be mapped to the fields your SIEM assigns to AIX audit and syslog data.)

🔗 References

  • IBM Security Bulletin: https://www.ibm.com/support/pages/node/7251173