IBM has addressed newly discovered critical vulnerabilities in AIX Network Installation Manager (NIM) with the release of security patches, following responsible disclosure by Oneconsult’s security research team.
Following our initial discovery of CVE-2024-56346 and CVE-2024-56347 in December 2024 and the subsequent release of fixes, our security researcher Jan Alsenz conducted additional testing that uncovered further attack vectors and vulnerabilities in AIX NIM environments. IBM has now addressed these findings with the release of a security bulletin on November 13, 2025.
The New IBM AIX NIM Vulnerabilities
The newly disclosed vulnerabilities are:
- CVE-2025-36250 (CVSS 10.0): Additional attack vectors in the NIM server (nimesis) service enabling remote arbitrary command execution
- CVE-2025-36251 (CVSS 9.6): Incomplete fix of CVE-2024-56347 in the nimsh service SSL/TLS implementation allowing remote arbitrary command execution
- CVE-2025-36096 (CVSS 9.0): Insecure storage of NIM private keys susceptible to man-in-the-middle attacks
- CVE-2025-36236 (CVSS 8.2): Directory traversal vulnerability in the NIM server service
These vulnerabilities affect AIX versions 7.2 and 7.3, as well as VIOS versions 3.1 and 4.1 – with the fixes for CVE-2024-56346 and CVE-2024-56347 applied.
Immediate Action Required
Organizations running IBM AIX with NIM services should prioritize applying the security patches released by IBM. The vulnerabilities are exploitable when an attacker can establish network connectivity to the affected host.
For immediate remediation steps and patch information, please refer to IBM’s security bulletin at https://www.ibm.com/support/pages/node/7251173.
Detailed technical analysis of these vulnerabilities will be published in the future.


