CVE-2025-36236
Published: 13 November 2025
Summary
CVE-2025-36236 is a high-severity Path Traversal (CWE-22) vulnerability in Ibm Vios. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Applying vendor-provided patches directly remediates the directory traversal vulnerability in the nimesis service, preventing arbitrary file writes.
Validates specially crafted URL requests to detect and reject path traversal sequences, blocking the ability to write arbitrary files outside intended directories.
Enforces access control policies to restrict file write operations to authorized paths only, mitigating traversal attempts that bypass directory restrictions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a directory traversal in a network-accessible NIM server service exploitable via crafted URL requests by unauthenticated remote attackers to write arbitrary files, directly enabling T1190 (Exploit Public-Facing Application).
NVD Description
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request…
more
to write arbitrary files on the system.
Deeper analysisAI
CVE-2025-36236 is a directory traversal vulnerability (CWE-22) in the NIM server service, known as nimesis (formerly NIM master), affecting IBM AIX 7.2 and 7.3, as well as IBM VIOS 3.1 and 4.1. Published on 2025-11-13, the flaw allows a remote attacker to traverse directories on the system by sending a specially crafted URL request, enabling the writing of arbitrary files. It carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L), indicating high severity due to its network accessibility and lack of prerequisites.
An unauthenticated remote attacker with network access to the vulnerable NIM server can exploit this issue with low complexity and no user interaction required. Successful exploitation allows writing arbitrary files to the filesystem, which could lead to overwriting configuration files, injecting malicious code, or facilitating further attacks, resulting in high integrity impact and low availability impact with no direct confidentiality loss.
IBM has published a security advisory at https://www.ibm.com/support/pages/node/7251173 detailing the vulnerability, affected versions, and mitigation guidance, including available patches for remediation.
Details
- CWE(s)