Skip to main content

Powervm Hypervisor CVE-2025-36238

MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-02-02 psirt@us.ibm.com
6.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:01 vuln.today
CVE Published
Feb 02, 2026 - 23:15 nvd
MEDIUM 6.0

DescriptionCVE.org

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

AnalysisAI

Powervm Hypervisor versions up to fw950.00 contains a vulnerability that allows attackers to a local user with administration privileges to obtain sensitive information from (CVSS 6.0).

Technical ContextAI

exists in the a series of PowerVM component. IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2022-34331 CRITICAL
9.8 Nov 11

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly conf

CVE-2021-38917 CRITICAL
9.1 Dec 10

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and

CVE-2023-30438 HIGH
8.8 May 17

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privile

CVE-2023-30440 HIGH
7.9 May 23

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 thro

CVE-2023-25683 HIGH
7.5 Jun 15

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.0

CVE-2022-22445 MEDIUM
6.5 Jul 18

An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise pa

CVE-2021-38937 MEDIUM
6.5 Dec 10

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a s

CVE-2021-29795 MEDIUM
6.0 Sep 21

IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of

CVE-2024-41781 MEDIUM
5.9 Nov 22

IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00

CVE-2025-0986 MEDIUM
4.5 Mar 28

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certa

CVE-2021-20505 MEDIUM
4.4 Jul 29

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange

CVE-2025-36035 MEDIUM
6.7 Sep 14

IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could all

Share

CVE-2025-36238 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy