{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36035", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:09.684Z", "datePublished": "2025-09-14T12:52:48.871Z", "dateUpdated": "2025-09-15T15:59:00.889Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw950.E0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1050.50:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1060.40:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "PowerVM Hypervisor", "vendor": "IBM", "versions": [{"lessThanOrEqual": "FW950.E0", "status": "affected", "version": "FW950.00", "versionType": "semver"}, {"lessThanOrEqual": "FW1050.50", "status": "affected", "version": "FW1050.00", "versionType": "semver"}, {"lessThanOrEqual": "FW1060.40", "status": "affected", "version": "FW1060.00", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."}], "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-14T12:52:48.871Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7244813"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.<br>Power 9</p><ol><li>IBM Power System L922 (9008-22L)</li><li>IBM Power System S922 (9009-22A, 9009-22G)</li><li>IBM Power System H922 (9223-22H, 9223-22S)</li><li>IBM Power System S914 (9009-41A, 9009-41G)</li><li>IBM Power System S924 (9009-42A, 9009-42G)</li><li>IBM Power System H924 (9223-42H, 9223-42S)</li><li>IBM Power System E950 (9040-MR9)</li><li>IBM Power System E980 (9080-M9S)</li></ol><p><br>Customers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.<br>Power 10</p><ol><li>IBM Power System E1080 (9080-HEX)</li></ol><p>&nbsp;</p><p>Customers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.<br>Power 10</p><ol><li>IBM Power System S1022 (9105-22A)</li><li>IBM Power System S1024 (9105-42A)</li><li>IBM Power System S1022s (9105-22B)</li><li>IBM Power System S1014 (9105-41B)</li><li>IBM Power System L1022 (9786-22H)</li><li>IBM Power System L1024 (9786-42H)</li><li>IBM Power System E1050 (9043-MRX)</li><li>IBM Power System S1012 (9028-21B)</li></ol>\n\n<br>"}], "value": "Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.\nPower 9\n\n * IBM Power System L922 (9008-22L)\n * IBM Power System S922 (9009-22A, 9009-22G)\n * IBM Power System H922 (9223-22H, 9223-22S)\n * IBM Power System S914 (9009-41A, 9009-41G)\n * IBM Power System S924 (9009-42A, 9009-42G)\n * IBM Power System H924 (9223-42H, 9223-42S)\n * IBM Power System E950 (9040-MR9)\n * IBM Power System E980 (9080-M9S)\n\nCustomers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System E1080 (9080-HEX)\n\u00a0\n\nCustomers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System S1022 (9105-22A)\n * IBM Power System S1024 (9105-42A)\n * IBM Power System S1022s (9105-22B)\n * IBM Power System S1014 (9105-41B)\n * IBM Power System L1022 (9786-22H)\n * IBM Power System L1024 (9786-42H)\n * IBM Power System E1050 (9043-MRX)\n * IBM Power System S1012 (9028-21B)"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM PowerVM Hypervisor denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-15T15:58:51.498887Z", "id": "CVE-2025-36035", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T15:59:00.889Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "IBM PowerVM Hypervisor denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw950.E0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1050.50:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1060.40:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "PowerVM Hypervisor", "versions": [{"status": "affected", "version": "FW950.00", "versionType": "semver", "lessThanOrEqual": "FW950.E0"}, {"status": "affected", "version": "FW1050.00", "versionType": "semver", "lessThanOrEqual": "FW1050.50"}, {"status": "affected", "version": "FW1060.00", "versionType": "semver", "lessThanOrEqual": "FW1060.40"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.\nPower 9\n\n * IBM Power System L922 (9008-22L)\n * IBM Power System S922 (9009-22A, 9009-22G)\n * IBM Power System H922 (9223-22H, 9223-22S)\n * IBM Power System S914 (9009-41A, 9009-41G)\n * IBM Power System S924 (9009-42A, 9009-42G)\n * IBM Power System H924 (9223-42H, 9223-42S)\n * IBM Power System E950 (9040-MR9)\n * IBM Power System E980 (9080-M9S)\n\nCustomers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System E1080 (9080-HEX)\n\u00a0\n\nCustomers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System S1022 (9105-22A)\n * IBM Power System S1024 (9105-42A)\n * IBM Power System S1022s (9105-22B)\n * IBM Power System S1014 (9105-41B)\n * IBM Power System L1022 (9786-22H)\n * IBM Power System L1024 (9786-42H)\n * IBM Power System E1050 (9043-MRX)\n * IBM Power System S1012 (9028-21B)", "supportingMedia": [{"type": "text/html", "value": "<p>Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.<br>Power 9</p><ol><li>IBM Power System L922 (9008-22L)</li><li>IBM Power System S922 (9009-22A, 9009-22G)</li><li>IBM Power System H922 (9223-22H, 9223-22S)</li><li>IBM Power System S914 (9009-41A, 9009-41G)</li><li>IBM Power System S924 (9009-42A, 9009-42G)</li><li>IBM Power System H924 (9223-42H, 9223-42S)</li><li>IBM Power System E950 (9040-MR9)</li><li>IBM Power System E980 (9080-M9S)</li></ol><p><br>Customers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.<br>Power 10</p><ol><li>IBM Power System E1080 (9080-HEX)</li></ol><p>&nbsp;</p><p>Customers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.<br>Power 10</p><ol><li>IBM Power System S1022 (9105-22A)</li><li>IBM Power System S1024 (9105-42A)</li><li>IBM Power System S1022s (9105-22B)</li><li>IBM Power System S1014 (9105-41B)</li><li>IBM Power System L1022 (9786-22H)</li><li>IBM Power System L1024 (9786-42H)</li><li>IBM Power System E1050 (9043-MRX)</li><li>IBM Power System S1012 (9028-21B)</li></ol>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7244813", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.", "supportingMedia": [{"type": "text/html", "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-14T12:52:48.871Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36035", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-15T15:58:51.498887Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-09-15T15:58:55.264Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-36035", "state": "PUBLISHED", "dateUpdated": "2025-09-14T12:52:48.871Z", "dateReserved": "2025-04-15T21:16:09.684Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-09-14T12:52:48.871Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "C075224C-3299-4E1F-BC3B-11EB6BDCF705", "versionEndIncluding": "FW950.E0", "versionStartIncluding": "FW950.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:power_system_e950_\\(9040-mr9\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF58E5C-0A54-4F2F-A426-0BFD1EACE991", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_e980_\\(9080-m9s\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "9BE56BD8-DB0F-4151-9428-42F1B6452D99", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_h922_\\(9223-22h\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "633D5D2E-300A-4896-8F90-57F9B7AFE01E", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_h922_\\(9223-22s\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "E7851003-8D6B-4FE8-87D7-BE968E85E448", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_h924_\\(\\(9223-42s\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "D1F77E3F-524F-491E-AE7B-FAEE4DC251F6", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_h924_\\(9223-42h\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "24CC25C2-BE64-4022-A229-D639CED27B00", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_l922_\\(9008-22l\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "61493605-7807-498B-9DD7-48B244AD0415", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s914_\\(9009-41a\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "5D9CA070-A7E4-451A-9C3C-D2622E7A9A92", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s914_\\(9009-41g\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "003F591A-ACCD-497E-BF8A-DE090321D778", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s922_\\(9009-22a\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "8AB350B1-3964-485A-AAB3-55558DD375BD", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s922_\\(9009-22g\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "95E5E77F-A5BB-46E7-B6B6-B02F242DE829", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s924_\\(9009-42a\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "65A41386-AAE5-409C-9355-2EEB07F01926", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s924_\\(9009-42g\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "4038C5DB-DF9C-4661-9590-F6A0CD4D15D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B2026A2-926D-402B-8181-8AC2E90F4AC2", "versionEndIncluding": "FW1050.50", "versionStartIncluding": "FW1050.00", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B633D94D-3566-44D8-BA35-62F7942E8DB5", "versionEndIncluding": "FW1060.40", "versionStartIncluding": "FW1060.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:power_system_e1080_\\(9080-hex\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "DF85251B-E02C-4293-98F0-D331BF51CAC4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B2026A2-926D-402B-8181-8AC2E90F4AC2", "versionEndIncluding": "FW1050.50", "versionStartIncluding": "FW1050.00", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B633D94D-3566-44D8-BA35-62F7942E8DB5", "versionEndIncluding": "FW1060.40", "versionStartIncluding": "FW1060.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:power_system_e1050_\\(9043-mrx\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "061D193E-84BC-4DE7-96C4-B75D11769ED5", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_l1022_\\(9786-22h\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "B2C09090-C18F-464A-8DEF-E23B5990E2A4", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_l1024_\\(9786-42h\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "0170400B-89A7-4B44-9AA7-9A168C9CAE9C", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s1012_\\(9028-21b\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "7BED85F2-8CCB-417C-A739-23828966A036", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s1014_\\(9105-41b\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "ECD54B80-5754-4C19-AE0C-F539DEF96DCB", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s1022_\\(9105-22a\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "E3E15C41-9CBD-4F66-A176-07B3E9BBD81D", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s1022s_\\(9105-22b\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "564A665A-7B94-40CE-A4D9-CDD0CCF52B2E", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:power_system_s1024_\\(9105-42a\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "E49EE658-B8AE-48F7-A765-92BA3A630AA0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."}], "id": "CVE-2025-36035", "lastModified": "2025-12-19T13:29:49.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.7, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-09-14T13:15:32.450", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7244813"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}

{}

{}