What is CVE-2025-36096?

CVE-2025-36096 is a critical-severity vulnerability in Ibm Aix, classified under Insufficiently Protected Credentials. CVSS score: 9.0/10. Published 2025-11-13.

How severe is CVE-2025-36096?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Vulnerability in Ibm Aix

CVE-2025-36096

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.

EPSS: 0.000 (9.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Ibm Aix — versions 7.2, 7.3
Ibm Vios — versions 3.1, 4.1

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

www.ibm.com/support/pages/node/7251173 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-36096?: CVE-2025-36096 is a critical-severity vulnerability in Ibm Aix, classified under Insufficiently Protected Credentials. CVSS score: 9.0/10. Published 2025-11-13.
How severe is CVE-2025-36096?: Critical severity. CVSS v3 base score is 9.0 out of 10.