Blog

Informative, up-to-date and exciting – the Oneconsult Cybersecurity Blog.

New Critical IBM AIX NIM Fixes Released: CVE-2025-36251, CVE-2025-36250, CVE-2025-36096, and CVE-2025-36236
Jan Alsenz Oneconsult
Jan Alsenz
|
18.11.2025
(updated on: 18.11.2025)

IBM has addressed newly discovered critical vulnerabilities in AIX Network Installation Manager (NIM) with the release of security patches, following responsible disclosure by Oneconsult’s security research team.

Following our initial discovery of CVE-2024-56346 and CVE-2024-56347 in December 2024 and subsequent release of fixes, our security researcher Jan Alsenz conducted additional testing that uncovered further attack vectors and vulnerabilities in AIX NIM environments. IBM has now addressed these findings with the release of security bulletin on November 13, 2025.

The New IBM AIX NIM Vulnerabilities

The newly disclosed vulnerabilities are:

  • CVE-2025-36250 (CVSS 10.0): Additional attack vectors in the NIM server (nimesis) service enabling remote arbitrary command execution
  • CVE-2025-36251 (CVSS 9.6): Incomplete fix of CVE-2024-56347 in the nimsh service SSL/TLS implementation allowing remote arbitrary command execution
  • CVE-2025-36096 (CVSS 9.0): Insecure storage of NIM private keys susceptible to man-in-the-middle attacks
  • CVE-2025-36236 (CVSS 8.2): Directory traversal vulnerability in the NIM server service

These vulnerabilities affect AIX versions 7.2 and 7.3, as well as VIOS versions 3.1 and 4.1 – with the fixes for CVE-2024-56346 and CVE-2024-56347 applied.

Immediate Action Required

Organizations running IBM AIX with NIM services should prioritize applying the security patches released by IBM. The vulnerabilities are exploitable when an attacker can establish network connectivity to the affected host.

For immediate remediation steps and patch information, please refer to IBM’s security bulletin at https://www.ibm.com/support/pages/node/7251173.

Detailed technical analysis of these vulnerabilities will be published in the future.

Categories

All Categories
Active Directory / Entra ID
Attack Simulation / Red Teaming
Cybersecurity
Cybersecurity Awareness
Digital Forensics
Incident Response
IoT/OT-Security
News & Advisories
Penetration Testing

Vulnerability Management

This might also be of interest to you:

Request high quality security testing by our experts
Contact us
Jan Alsenz Oneconsult

Author

Jan Alsenz is the Head of Innovation and a Principal Penetration Tester at Oneconsult AG. He holds a Master’s degree in Computer Science and has earned several respected certifications over the course of his career, including OSSTMM Trainer, OPSA, and OPST.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

  • What and who is affected?
  • Who discovered and reported the incident?
  • How and when was the incident noticed?
  • What did you observe?
  • What are you concerned about in connection with the incident?
  • What actions have already been taken?

For more information about our DFIR services here:

QR_CSIRT_2022_EN@2x
Add CSIRT to contacts

Don’t miss anything! Subscribe to our free newsletter.