CVE-2025-36244 HIGH

CVE-2025-36244: IBM AIX privilege escalation

Vendor Ibm
Product AIX
Weakness CWE-454
Published September 16, 2025
Last update February 26, 2026

CVSS base score

7.4/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.

Key dates

02Disclosure timeline

September 16, 2025 CVE published
February 26, 2026 Record updated