Skip to main content

Powervm Hypervisor CVE-2025-0986

MEDIUM
Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)
2025-03-28 psirt@us.ibm.com
4.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.5 MEDIUM
AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:33 vuln.today
CVE Published
Mar 28, 2025 - 14:15 nvd
MEDIUM 4.5

DescriptionCVE.org

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration.

AnalysisAI

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-409. IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration. Affected products include: Ibm Powervm Hypervisor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-34331 CRITICAL
9.8 Nov 11

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly conf

CVE-2021-38917 CRITICAL
9.1 Dec 10

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and

CVE-2023-30438 HIGH
8.8 May 17

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privile

CVE-2023-30440 HIGH
7.9 May 23

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 thro

CVE-2023-25683 HIGH
7.5 Jun 15

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.0

CVE-2022-22445 MEDIUM
6.5 Jul 18

An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise pa

CVE-2021-38937 MEDIUM
6.5 Dec 10

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a s

CVE-2025-36238 MEDIUM
6.0 Feb 02

Powervm Hypervisor versions up to fw950.00 contains a vulnerability that allows attackers to a local user with administr

CVE-2021-29795 MEDIUM
6.0 Sep 21

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of

CVE-2024-41781 MEDIUM
5.9 Nov 22

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00

CVE-2021-20505 MEDIUM
4.4 Jul 29

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange

CVE-2025-36035 MEDIUM
6.7 Sep 14

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could all

Share

CVE-2025-0986 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy