CVE-2025-36250
Published: 13 November 2025
Summary
CVE-2025-36250 is a critical-severity Process Control (CWE-114) vulnerability in Ibm Vios. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 26.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-39 (Process Isolation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely remediation of known flaws, such as applying IBM patches for improper process controls in the nimesis service that enable remote arbitrary command execution.
Enforces process isolation to mitigate risks from improper process controls in the NIM server service, limiting the impact of spawned arbitrary commands.
Implements boundary protection mechanisms like firewalls to restrict unauthenticated remote network access to the vulnerable nimesis service.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote arbitrary command execution vulnerability in the NIM server service directly enables Exploitation of Remote Services (T1210) and facilitates Unix Shell (T1059.004) command execution.
NVD Description
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for…
more
a vulnerability that was previously addressed in CVE-2024-56346.
Deeper analysisAI
CVE-2025-36250 is a critical vulnerability affecting the NIM server service, known as nimesis, in IBM AIX 7.2 and 7.3, as well as IBM VIOS 3.1 and 4.1. The flaw stems from improper process controls (CWE-114), enabling a remote attacker to execute arbitrary commands. This CVE addresses additional attack vectors related to a previously patched issue in CVE-2024-56346, with a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation grants arbitrary command execution on the affected NIM server (formerly NIM master), potentially leading to complete compromise of confidentiality, integrity, and availability due to the changed scope.
IBM has issued an advisory with details on the vulnerability and available patches at https://www.ibm.com/support/pages/node/7251173. Security practitioners should consult this page for mitigation guidance, including applying the recommended updates to affected AIX and VIOS systems.
Details
- CWE(s)