CVE-2025-36096 CRITICAL

CVE-2025-36096: AIX Insufficiently Protected Credentials

Vendor Ibm
Product AIX
Weakness CWE-522 · Insufficiently protected credentials
Published November 13, 2025
Last update February 26, 2026

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.

Key dates

02Disclosure timeline

November 13, 2025 CVE published
February 26, 2026 Record updated