CVE-2025-36250 PoC — AIX Code Execution

Associated Vulnerability
Title: AIX Code Execution (CVE-2025-36250)
Description: IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.
Description
CVE-2025-36250
Readme
# 🚨 Critical Vulnerability Alert: CVE-2025-36250 Explained

![IBM AIX Vulnerability](https://github.com/user-attachments/assets/df7c0e8f-9312-4ee0-83a4-75618dcbc3de)

| Category                  | Details                                                                                          | Emoji Status      |
|---------------------------|--------------------------------------------------------------------------------------------------|-------------------|
| **CVE ID**                | CVE-2025-36250                                                                                   | 🆔                |
| **Severity**              | **CRITICAL** – CVSS 10.0 (perfect score)                                                         | 🔥🔥🔥           |
| **Published**             | November 13, 2025                                                                                | 📅                |
| **Type**                  | Remote Code Execution (RCE) via improper process controls                                        | 💀                |
| **Authentication**        | None required                                                                                    | 🚫🔐             |
| **Attack Complexity**     | Low                                                                                              | 😈                |
| **Exploit Status**        | No public PoC yet (as of Nov 17, 2025), but weaponization expected soon                           | ⏳                |

### What’s Vulnerable? 🎯
- IBM AIX 7.2 & 7.3 (specific TLs/SPs)
- IBM VIOS 3.1 & 4.1
- Service: **nimesis** (NIM master daemon) → often runs as root!

### CVSS v3.1 Vector (the scary one) 😱
```
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H → 10.0
```
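Translation: reachable over the network, low attack complexity, no privileges, no user interaction, scope changed, and high impact on confidentiality, integrity and availability, i.e. “Internet stranger can own your AIX box with one packet”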

### Exposed on the Internet? 🌐
- ~7.4 million AIX systems detectable (ZoomEye)
- ~8,600 active NIM services visible yearly (Hunter.io) → many unpatched!

### Patch Status (IBM dropped fixes FAST) 🛠️
- Interim fixes released Nov 12–13, 2025
- Download: https://aix.software.ibm.com/aix/efixes/security/nim_fix2.tar
- Key APARs: IJ55968, IJ56113, IJ56230, IJ55897
- Install the interim fix with `emgr` (or the APAR update with `installp`) → reboot → you’re safe ✅

### Quick Workarounds (if you can’t patch today) ⚡
- Firewall NIM ports (default 1058/tcp) 🚧
- Enable TLS secure mode: `nimconfig -c` 🔒
- Disable NIM entirely if unused: `smitty nim` → stop master

### Detection Tips 🔍
- Check logs: `/var/adm/ras/nimesis.log`
- Verify fileset: `lslpp -L bos.sysmgt.nim.master`
- Scan with Nessus/Tenable → plugin ready!
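
The checks above (fileset present, NIM port listening, interim fix installed) can be combined into one per-host triage line. This is an added example, not part of the original README or IBM's tooling; the function names, the sample output and the rule that an ifix label starts with its APAR number are assumptions.

```sh
#!/bin/sh
# Added example, not from the original README. Each function reads saved
# command output on stdin, so the checks also run offline.
APARS="IJ55968 IJ56113 IJ56230 IJ55897"   # APAR numbers listed on this page

# lslpp -Lc: colon-separated; field 2 is the fileset, field 3 its level.
nim_master_level() {
    awk -F: '$2 == "bos.sysmgt.nim.master" { print $3; exit }'
}

# netstat -an: AIX prints local addresses as addr.port; list LISTEN sockets on the NIM port.
nim_listeners() {
    awk -v port="${1:-1058}" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, part, "."); if (part[n] == port) print $4 }'
}

# emgr -l: column 3 is the ifix label. Assumption: the label starts with the APAR number.
ifix_labels() {
    awk -v apars="$APARS" 'BEGIN { n = split(apars, a, " ") }
        $1 ~ /^[0-9]+$/ { for (i = 1; i <= n; i++) if (index($3, a[i]) == 1) print $3 }'
}

# Combine the three results (level, listeners, labels) into one triage line.
triage() {
    if [ -z "$1" ]; then echo "NOT_NIM_MASTER"; return; fi
    if [ -n "$3" ]; then echo "IFIX_PRESENT level=$1 ifix=$3"; return; fi
    if [ -n "$2" ]; then echo "UNPATCHED_LISTENING level=$1 socket=$2"; return; fi
    echo "UNPATCHED_NOT_LISTENING level=$1"
}

# Constructed sample output (not captured from a real system).
SAMPLE_LSLPP='#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
bos.sysmgt:bos.sysmgt.nim.master:7.2.5.200: : :C: :Network Install Manager - Master Tools'
SAMPLE_NETSTAT='tcp4       0      0  *.22           *.*             LISTEN
tcp4       0      0  *.1058         *.*             LISTEN
tcp4       0      0  10.1.1.5.1058  10.1.1.9.40112  ESTABLISHED'
SAMPLE_EMGR='ID  STATE LABEL      INSTALL TIME      UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ========
1    S    IJ55968s1a 11/14/25 09:30:12            NIM ifix'

# On an AIX host, feed the real commands instead of the samples:
#   triage "$(lslpp -Lc bos.sysmgt.nim.master 2>/dev/null | nim_master_level)" \
#          "$(netstat -an | nim_listeners)" "$(emgr -l 2>/dev/null | ifix_labels)"

triage "$(printf '%s\n' "$SAMPLE_LSLPP" | nim_master_level)" \
       "$(printf '%s\n' "$SAMPLE_NETSTAT" | nim_listeners)" \
       "$(printf '%s\n' "$SAMPLE_EMGR" | ifix_labels)"
```

`IFIX_PRESENT` only means a matching label is installed; a host that is listening and has no matching label is the one to firewall or patch first.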

### Social Buzz on X (Nov 13–17) 🐦
- “CVSS 10 RCE on AIX? Wake up, mainframe admins!” – @HunterMapping
- “7.4M exposed AIX boxes… someone’s getting owned this weekend” – @zoomeye_team
- “Chain it with key theft (CVE-2025-36096) → game over” – @PurpleOps_io

### Bottom Line 📢
If you run AIX or VIOS with NIM enabled → **patch TODAY**.  
This is the kind of 0-day that script kiddies dream about. Don’t be the headline.

Stay safe out there! 🛡️💙