CVE-2025-36035 MEDIUM

CVE-2025-36035: IBM PowerVM Hypervisor denial of service

Vendor Ibm
Product PowerVM Hypervisor
Weakness CWE-770 · Uncontrolled resource consumption
Published September 14, 2025
Last update September 15, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H

What the vulnerability does

01Description

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.

Key dates

02Disclosure timeline

September 14, 2025 CVE published
September 15, 2025 Record updated