216.73.216.170

CVE-2025-36236

· Published 13/11/2025 22:15 · Modified 19/11/2025 22:11

Labels: CVE-2025-36236 2025-11-13CVE-2025-36236CWE-22[email protected]

Essential information

Published
13/11/2025 22:15
Modified
19/11/2025 22:11
Author
Creator
CVSS
8.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CVSS metrics

Description

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ibm / vios cpe:2.3:a:ibm:vios:3.1.0:*:*:*:*:*:*:*
ibm / vios cpe:2.3:a:ibm:vios:4.1.0:*:*:*:*:*:*:*
ibm / aix cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*
ibm / aix cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*

References