What is CVE-2025-36238?

CVE-2025-36238 is a medium-severity vulnerability in Ibm Powervm Hypervisor, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 6.0/10. Published 2026-02-02.

How severe is CVE-2025-36238?

Medium severity. CVSS v3 base score is 6.0 out of 10.

Vulnerability in Ibm Powervm Hypervisor

CVE-2025-36238

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of P…

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N.

Affected products

Ibm Powervm Hypervisor — versions FW1110.00, FW1060.00, FW950.00

Weakness classification (CWE)

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere

References

www.ibm.com/support/pages/node/7257556 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-36238?: CVE-2025-36238 is a medium-severity vulnerability in Ibm Powervm Hypervisor, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 6.0/10. Published 2026-02-02.
How severe is CVE-2025-36238?: Medium severity. CVSS v3 base score is 6.0 out of 10.