{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-36035","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:09.684Z","datePublished":"2025-09-14T12:52:48.871Z","dateUpdated":"2025-09-15T15:59:00.889Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*","cpe:2.3:o:ibm:power9_system_firmware:fw950.E0:*:*:*:*:*:*:*","cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*","cpe:2.3:o:ibm:power9_system_firmware:fw1050.50:*:*:*:*:*:*:*","cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*","cpe:2.3:o:ibm:power9_system_firmware:fw1060.40:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"PowerVM Hypervisor","vendor":"IBM","versions":[{"lessThanOrEqual":"FW950.E0","status":"affected","version":"FW950.00","versionType":"semver"},{"lessThanOrEqual":"FW1050.50","status":"affected","version":"FW1050.00","versionType":"semver"},{"lessThanOrEqual":"FW1060.40","status":"affected","version":"FW1060.00","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."}],"value":"IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"CWE-770 Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-09-14T12:52:48.871Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7244813"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.
Power 9

  1. IBM Power System L922 (9008-22L)
  2. IBM Power System S922 (9009-22A, 9009-22G)
  3. IBM Power System H922 (9223-22H, 9223-22S)
  4. IBM Power System S914 (9009-41A, 9009-41G)
  5. IBM Power System S924 (9009-42A, 9009-42G)
  6. IBM Power System H924 (9223-42H, 9223-42S)
  7. IBM Power System E950 (9040-MR9)
  8. IBM Power System E980 (9080-M9S)


Customers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.
Power 10

  1. IBM Power System E1080 (9080-HEX)

 

Customers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.
Power 10

  1. IBM Power System S1022 (9105-22A)
  2. IBM Power System S1024 (9105-42A)
  3. IBM Power System S1022s (9105-22B)
  4. IBM Power System S1014 (9105-41B)
  5. IBM Power System L1022 (9786-22H)
  6. IBM Power System L1024 (9786-42H)
  7. IBM Power System E1050 (9043-MRX)
  8. IBM Power System S1012 (9028-21B)
\n\n
"}],"value":"Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.\nPower 9\n\n * IBM Power System L922 (9008-22L)\n * IBM Power System S922 (9009-22A, 9009-22G)\n * IBM Power System H922 (9223-22H, 9223-22S)\n * IBM Power System S914 (9009-41A, 9009-41G)\n * IBM Power System S924 (9009-42A, 9009-42G)\n * IBM Power System H924 (9223-42H, 9223-42S)\n * IBM Power System E950 (9040-MR9)\n * IBM Power System E980 (9080-M9S)\n\nCustomers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System E1080 (9080-HEX)\n \n\nCustomers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System S1022 (9105-22A)\n * IBM Power System S1024 (9105-42A)\n * IBM Power System S1022s (9105-22B)\n * IBM Power System S1014 (9105-41B)\n * IBM Power System L1022 (9786-22H)\n * IBM Power System L1024 (9786-42H)\n * IBM Power System E1050 (9043-MRX)\n * IBM Power System S1012 (9028-21B)"}],"source":{"discovery":"UNKNOWN"},"title":"IBM PowerVM Hypervisor denial of service","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-15T15:58:51.498887Z","id":"CVE-2025-36035","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-15T15:59:00.889Z"}}]}}