IBM AIX Vulnerabilities Allow Remote Command Execution; Patches Released

Critical IBM AIX Vulnerabilities Expose Systems to Remote Command Execution

IBM has recently addressed two critical security vulnerabilities in its AIX operating system that could allow remote attackers to execute arbitrary commands on affected systems. These flaws, identified as CVE-2025-36250 and CVE-2025-36251, stem from improper process controls in essential AIX services.

Overview of the Vulnerabilities

The first vulnerability, CVE-2025-36250, affects the Network Installation Management (NIM) server service, also known as nimesis. This flaw has been assigned a CVSS base score of 10.0, indicating the highest level of severity. It allows remote attackers to execute arbitrary commands without requiring authentication or user interaction, potentially leading to full system compromise.

The second vulnerability, CVE-2025-36251, impacts the nimsh service and its SSL/TLS implementations. With a CVSS base score of 9.6, this flaw enables remote attackers to bypass security controls and execute unauthorized commands. Similar to the first vulnerability, it requires network access but no authentication or user interaction.

Technical Details

Both vulnerabilities are classified under CWE-114: Process Control, which pertains to improper management of processes and their permissions. Exploitation of these flaws could result in unauthorized data access, modification, and denial-of-service attacks.

These vulnerabilities represent additional attack vectors for issues previously addressed in CVE-2024-56346 and CVE-2024-56347. This suggests that earlier patches may not have comprehensively eliminated all exploitation paths, necessitating these additional security updates.

Affected Systems

The vulnerabilities affect IBM AIX versions 7.2 and 7.3, including systems running on Virtual I/O Server (VIOS) environments. Specific affected filesets include:

– bos.sysmgt.nim.client
– bos.sysmgt.nim.master
– bos.sysmgt.sysbr

Organizations can determine if their systems are vulnerable by checking the installed filesets using the AIX command:

```shell
lslpp -L | grep -i bos.sysmgt.nim.client
```

Recommended Actions

IBM has released security patches to address these vulnerabilities. The company has assigned specific Authorized Program Analysis Reports (APARs) to track the fixes:

– For AIX 7.2.5: APAR IJ53757 (SP10)
– For AIX 7.3.1: APAR IJ53929
– For AIX 7.3.2: APAR IJ53923 (SP04)
– For AIX 7.3.3: APAR IJ53792 (SP01)

Security patches are available for download from IBM’s security fix portal. The company has provided interim fixes for both NIM clients and NIM masters across various AIX technology levels.

System administrators can verify the integrity of downloaded fixes using the provided SHA-256 checksums or OpenSSL signatures. IBM recommends creating a mksysb backup of systems before applying patches.
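The fileset check described under Affected Systems and the checksum verification above can be scripted together. The following is an added example, not IBM's tooling: the `lslpp -L` output is a constructed sample, and the fixed fileset level is a placeholder that must be taken from the APAR for the technology level in use.

```shell
# Added example, not IBM's code. Compares installed NIM fileset levels with a
# fixed level and verifies a downloaded fix against its published SHA-256.
# FIXED_LEVEL is a PLACEHOLDER: take the real level from the APAR for your TL.
FIXED_LEVEL="7.2.5.200"
FILESETS="bos.sysmgt.nim.client bos.sysmgt.nim.master bos.sysmgt.sysbr"
# Constructed sample of "lslpp -L" output; on AIX use: LSLPP_OUTPUT=$(lslpp -L)
LSLPP_OUTPUT='  bos.sysmgt.nim.client   7.2.5.100    C     F    NIM - Client Tools
  bos.sysmgt.nim.master   7.2.5.200    C     F    NIM - Master Tools
  bos.sysmgt.sysbr        7.2.5.200    C     F    System Backup and BOS Install Utilities'
# version_ge A B: succeeds when dotted level A >= B (AIX levels are V.R.M.F)
version_ge() {
  i=1
  while [ "$i" -le 4 ]; do
    x=$(printf '%s' "$1" | cut -d. -f"$i"); y=$(printf '%s' "$2" | cut -d. -f"$i")
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
    i=$((i + 1))
  done
  return 0
}
# fileset_level NAME: prints the installed level of NAME, empty if not installed
fileset_level() {
  printf '%s\n' "$LSLPP_OUTPUT" | awk -v fs="$1" '$1 == fs { print $2; exit }'
}
# check_fileset NAME: 0 = at/above fixed level, 1 = below it, 2 = not installed
check_fileset() {
  lvl=$(fileset_level "$1")
  [ -n "$lvl" ] || { echo "$1: not installed"; return 2; }
  if version_ge "$lvl" "$FIXED_LEVEL"; then
    echo "$1 $lvl: at or above $FIXED_LEVEL"; return 0
  fi
  echo "$1 $lvl: BELOW $FIXED_LEVEL - apply the interim fix"; return 1
}
# audit_filesets: checks every fileset; fails if any installed one is below the fix
audit_filesets() {
  bad=0
  for f in $FILESETS; do check_fileset "$f" || [ $? -eq 2 ] || bad=1; done
  return $bad
}
# verify_fix FILE SHA256: succeeds only when FILE's SHA-256 equals the checksum
# published with the fix (openssl first, sha256sum as fallback)
verify_fix() {
  if command -v openssl >/dev/null 2>&1; then
    actual=$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)
  else
    actual=$(sha256sum "$1" | cut -d' ' -f1)
  fi
  [ "$actual" = "$2" ]
}
```

On a real AIX host, set LSLPP_OUTPUT from `lslpp -L`, set FIXED_LEVEL from the APAR for your technology level, and call `audit_filesets` before and after applying the interim fix.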

IBM strongly recommends that all affected organizations apply security updates immediately to mitigate the risk of potential attacks targeting these vulnerabilities.