Skip to main content

Powervm Hypervisor CVE-2025-36035

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2025-09-14 psirt@us.ibm.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:12 vuln.today
CVE Published
Sep 14, 2025 - 13:15 nvd
MEDIUM 6.7

DescriptionCVE.org

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.

AnalysisAI

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources. Affected products include: Ibm Powervm Hypervisor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.

CVE-2022-34331 CRITICAL
9.8 Nov 11

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly conf

CVE-2021-38917 CRITICAL
9.1 Dec 10

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and

CVE-2023-30438 HIGH
8.8 May 17

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privile

CVE-2023-30440 HIGH
7.9 May 23

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 thro

CVE-2023-25683 HIGH
7.5 Jun 15

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.0

CVE-2022-22445 MEDIUM
6.5 Jul 18

An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise pa

CVE-2021-38937 MEDIUM
6.5 Dec 10

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a s

CVE-2025-36238 MEDIUM
6.0 Feb 02

Powervm Hypervisor versions up to fw950.00 contains a vulnerability that allows attackers to a local user with administr

CVE-2021-29795 MEDIUM
6.0 Sep 21

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of

CVE-2024-41781 MEDIUM
5.9 Nov 22

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00

CVE-2025-0986 MEDIUM
4.5 Mar 28

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certa

CVE-2021-20505 MEDIUM
4.4 Jul 29

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange

Share

CVE-2025-36035 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy