Skip to main content

Powervm Hypervisor CVE-2023-25683

HIGH
Information Exposure (CWE-200)
2023-06-15 psirt@us.ibm.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 15, 2023 - 01:15 nvd
HIGH 7.5

DescriptionNVD

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.

AnalysisAI

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592. Affected products include: Ibm Powervm Hypervisor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2022-34331 CRITICAL
9.8 Nov 11

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly conf

CVE-2021-38917 CRITICAL
9.1 Dec 10

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and

CVE-2023-30438 HIGH
8.8 May 17

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privile

CVE-2023-30440 HIGH
7.9 May 23

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 thro

CVE-2022-22445 MEDIUM
6.5 Jul 18

An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise pa

CVE-2021-38937 MEDIUM
6.5 Dec 10

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a s

CVE-2025-36238 MEDIUM
6.0 Feb 02

Powervm Hypervisor versions up to fw950.00 contains a vulnerability that allows attackers to a local user with administr

CVE-2021-29795 MEDIUM
6.0 Sep 21

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of

CVE-2024-41781 MEDIUM
5.9 Nov 22

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00

CVE-2025-0986 MEDIUM
4.5 Mar 28

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certa

CVE-2021-20505 MEDIUM
4.4 Jul 29

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange

CVE-2025-36035 MEDIUM
6.7 Sep 14

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could all

Share

CVE-2023-25683 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy