{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-36194","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:24.268Z","datePublished":"2026-02-02T22:01:36.083Z","dateUpdated":"2026-02-04T16:53:44.141Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:powervm_hypervisor:fw1110.00:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw1110.00.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw1110.03:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw1110.03.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw1060.00:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw1060.00.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw1060.51:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw1060.51.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw950.00:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw950.00.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw950.f0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:powervm_hypervisor:fw950.f0.0:*:*:*:*:*:*:*"],"product":"PowerVM Hypervisor","vendor":"IBM","versions":[{"lessThanOrEqual":"FW1110.03","status":"affected","version":"FW1110.00","versionType":"semver"},{"lessThanOrEqual":"FW1060.51","status":"affected","version":"FW1060.00","versionType":"semver"},{"lessThanOrEqual":"FW950.F0","status":"affected","version":"FW950.00","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations.

"}],"value":"IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":2.8,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1262","description":"CWE-1262 Improper Access Control for Register Interface","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-02-02T22:01:36.083Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7257555"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Customers with the products below should install FW1110.10(1110_100), or newer to remediate this vulnerability.
Power 11

  1. IBM Power System E1180 (9080-HEU)

Customers with the products below should install FW1110.10(1110_116), or newer to remediate this vulnerability.
Power 11

  1. IBM Power System S1122 (9824-22A)
  2. IBM Power System S1124 (9824-42A)
  3. IBM Power System S1122s (9824-22B)
  4. IBM Power System S1114 (9824-41B)
  5. IBM Power System L1122 (9856-22H)
  6. IBM Power System L1124 (9856-42H)
  7. IBM Power System E1150 (9043-MRU)

Customers with the products below should install FW1060.52(1060_153)/FW1060.60(1060_158), or newer to remediate this vulnerability.
Power 10

  1. IBM Power System E1080 (9080-HEX)

Customers with the products below should install FW1060.52(1060_149), FW1060.60(1060_157), or newer to remediate this vulnerability.
Power 10

  1. IBM Power System S1022 (9105-22A)
  2. IBM Power System S1024 (9105-42A)
  3. IBM Power System S1022s (9105-22B)
  4. IBM Power System S1014 (9105-41B)
  5. IBM Power System L1022 (9786-22H)
  6. IBM Power System L1024 (9786-42H)
  7. IBM Power System E1050 (9043-MRX)
  8. IBM Power System S1012 (9028-21B) 

Customers with the products below should install 950.F1(950_194)/950.G0(950_203), or newer to remediate this vulnerability.
Power 9

  1. IBM Power System L922 (9008-22L)
  2. IBM Power System S922 (9009-22A, 9009-22G)
  3. IBM Power System H922 (9223-22H, 9223-22S)
  4. IBM Power System S914 (9009-41A, 9009-41G)
  5. IBM Power System S924 (9009-42A, 9009-42G)
  6. IBM Power System H924 (9223-42H, 9223-42S)
  7. IBM Power System E950 (9040-MR9)
  8. IBM Power System E980 (9080-M9S)

"}],"value":"Customers with the products below should install FW1110.10(1110_100), or newer to remediate this vulnerability.\nPower 11\n\n * IBM Power System E1180 (9080-HEU)\nCustomers with the products below should install FW1110.10(1110_116), or newer to remediate this vulnerability.\nPower 11\n\n * IBM Power System S1122 (9824-22A)\n * IBM Power System S1124 (9824-42A)\n * IBM Power System S1122s (9824-22B)\n * IBM Power System S1114 (9824-41B)\n * IBM Power System L1122 (9856-22H)\n * IBM Power System L1124 (9856-42H)\n * IBM Power System E1150 (9043-MRU)\nCustomers with the products below should install FW1060.52(1060_153)/FW1060.60(1060_158), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System E1080 (9080-HEX)\nCustomers with the products below should install FW1060.52(1060_149), FW1060.60(1060_157), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System S1022 (9105-22A)\n * IBM Power System S1024 (9105-42A)\n * IBM Power System S1022s (9105-22B)\n * IBM Power System S1014 (9105-41B)\n * IBM Power System L1022 (9786-22H)\n * IBM Power System L1024 (9786-42H)\n * IBM Power System E1050 (9043-MRX)\n * IBM Power System S1012 (9028-21B) \nCustomers with the products below should install 950.F1(950_194)/950.G0(950_203), or newer to remediate this vulnerability.\nPower 9\n\n * IBM Power System L922 (9008-22L)\n * IBM Power System S922 (9009-22A, 9009-22G)\n * IBM Power System H922 (9223-22H, 9223-22S)\n * IBM Power System S914 (9009-41A, 9009-41G)\n * IBM Power System S924 (9009-42A, 9009-42G)\n * IBM Power System H924 (9223-42H, 9223-42S)\n * IBM Power System E950 (9040-MR9)\n * IBM Power System E980 (9080-M9S)"}],"title":"This Power System update is being released to address","x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-04T15:46:41.472201Z","id":"CVE-2025-36194","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-04T16:53:44.141Z"}}]}}