Cyber Resilience

CVE-2025-36251

Critical

Published: 13 November 2025

Published
13 November 2025
Modified
19 November 2025
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
EPSS Score 0.0006 18.3th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-36251 is a critical-severity Process Control (CWE-114) vulnerability in Ibm Vios. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 18.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-36251 is a high-severity vulnerability in the nimsh service SSL/TLS implementations on IBM AIX 7.2 and 7.3, as well as IBM VIOS 3.1 and 4.1. It arises from improper process controls (CWE-114), enabling a remote attacker to execute arbitrary commands. Published on 2025-11-13, this issue addresses additional attack vectors related to a vulnerability previously fixed in CVE-2024-56347. The CVSS v3.1 base score is 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L).

A remote attacker can exploit this over the network with low attack complexity and no privileges required, though user interaction is necessary. Upon successful exploitation, the attacker achieves high confidentiality and integrity impacts, such as accessing sensitive data or modifying system behavior through arbitrary command execution, alongside low availability impact and a crossed scope that affects additional privileges or components.

IBM's security advisory at https://www.ibm.com/support/pages/node/7251173 details the vulnerability, affected versions, and recommended mitigation steps, including available patches.

EU & UK References

Vulnerability details

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously…

more

addressed in CVE-2024-56347.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Vulnerability in nimsh service enables remote exploitation (T1210) for arbitrary command execution on AIX/VIOS Unix systems (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-36250Same product: Ibm Aix
CVE-2024-56347Same product: Ibm Aix
CVE-2024-56346Same product: Ibm Aix
CVE-2025-36236Same product: Ibm Aix
CVE-2025-0160Same vendor: Ibm
CVE-2025-13686Same vendor: Ibm
CVE-2026-5935Same vendor: Ibm
CVE-2025-13688Same vendor: Ibm
CVE-2025-13687Same vendor: Ibm
CVE-2025-36247Same vendor: Ibm

Affected Assets

ibm
vios
3.1.0, 4.1.0
ibm
aix
7.2, 7.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific flaw in nimsh SSL/TLS process controls by applying vendor patches as recommended in IBM's advisory.

prevent

Enforces process isolation to counter improper process controls (CWE-114) that enable remote arbitrary command execution in the nimsh service.

prevent

Minimizes attack surface by restricting the nimsh service to least functionality or disabling it if not essential, preventing exploitation vectors.

References