By AnuPriya
Publication Date: 2025-11-17 10:06:00
IBM has released urgent security patches addressing four severe vulnerabilities in AIX and VIOS systems that enable remote attackers to execute arbitrary commands, intercept credentials, and compromise system integrity.
The vulnerabilities span multiple AIX versions and demand immediate remediation from affected organizations.
The most severe flaw, CVE-2025-36250, carries the maximum CVSS score of 10.0 and targets the NIM (Network Installation Manager) server service.
This flaw permits unauthenticated remote attackers to execute arbitrary commands due to inadequate process controls in the nimesis service.
The vulnerability represents a new attack vector for an issue previously addressed under CVE-2024-56346, suggesting threat actors have discovered additional exploitation techniques.
CVE-2025-36251 presents similarly grave dangers with a 9.6 CVSS score, affecting the Nimsh service’s SSL/TLS implementation.
The vulnerability enables remote command…