GCVE-VVD-NCSC-2025-369 — Vulnetix

GCVE-VVD-NCSC-2025-369

Advisory PublishedCVSS 9.0/10

Vulnetix · Advisory published November 18, 2025

IBM AIX versions 7.2 and 7.3, along with IBM VIOS versions 3.1 and 4.1, have been found to store NIM private keys insecurely, exposing them to potential man-in-the-middle attacks.

Download JSON Open in Console

Weaknesses (CWE)

CWE-522Insufficiently Protected CredentialsCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-114Process Control

Risk Scores

CVSS 3.1

9.0/10

Critical · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions	Platforms
IBM	vers:unknown/*	—	—

Aliases

CVE-2025-36096 CVE-2025-36251 CVE-2025-36236 CVE-2025-36250

Transitive aliases

EUVD-2025-180540 EUVD-2025-180541 VVD-CISA-2025-36251 GHSA-5x48-f75w-m9hh VVD-CISA-2025-36096 EUVD-2025-180538 GHSA-hfx3-278h-qhxq VVD-CISA-2025-36236 BDU:2025-14676 VVD-CISA-2025-36250 GHSA-gf4w-g7vv-vr2w GHSA-gcw9-j843-4vfx EUVD-2025-180539

References

advisory

advisory

advisory

advisory

advisory

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON

$ Console Community · 100/wk Open console ›