CVE-2025-36035

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36035
IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7244813 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ibm:power_system_e950_\(9040-mr9\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_e980_\(9080-m9s\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_h922_\(9223-22h\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_h922_\(9223-22s\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_h924_\(\(9223-42s\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_h924_\(9223-42h\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_l922_\(9008-22l\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s914_\(9009-41a\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s914_\(9009-41g\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s922_\(9009-22a\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s922_\(9009-22g\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s924_\(9009-42a\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s924_\(9009-42g\):-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_e1080_\(9080-hex\):-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ibm:power_system_e1050_\(9043-mrx\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_l1022_\(9786-22h\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_l1024_\(9786-42h\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s1012_\(9028-21b\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s1014_\(9105-41b\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s1022_\(9105-22a\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s1022s_\(9105-22b\):-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:power_system_s1024_\(9105-42a\):-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-09-14 13:15

Updated : 2025-12-19 13:29

NVD link : CVE-2025-36035

Mitre link : CVE-2025-36035

CVE.ORG link : CVE-2025-36035

JSON object : View

Products Affected

ibm

  • power_system_s1022s_\(9105-22b\)
  • power_system_s914_\(9009-41a\)
  • power_system_h922_\(9223-22s\)
  • power_system_s1022_\(9105-22a\)
  • power_system_l922_\(9008-22l\)
  • power_system_l1024_\(9786-42h\)
  • power_system_h922_\(9223-22h\)
  • power_system_e980_\(9080-m9s\)
  • power_system_s914_\(9009-41g\)
  • power_system_e1050_\(9043-mrx\)
  • power_system_e1080_\(9080-hex\)
  • power_system_s924_\(9009-42a\)
  • power_system_s1014_\(9105-41b\)
  • powervm_hypervisor
  • power_system_h924_\(9223-42h\)
  • power_system_s924_\(9009-42g\)
  • power_system_s922_\(9009-22a\)
  • power_system_e950_\(9040-mr9\)
  • power_system_l1022_\(9786-22h\)
  • power_system_h924_\(\(9223-42s\)
  • power_system_s922_\(9009-22g\)
  • power_system_s1012_\(9028-21b\)
  • power_system_s1024_\(9105-42a\)
CWE
CWE-770

Allocation of Resources Without Limits or Throttling