CVE-2025-36238

MEDIUM
2026-02-02 [email protected]
6.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:01 vuln.today
CVE Published
Feb 02, 2026 - 23:15 nvd
MEDIUM 6.0

Tags

IBM Powervm Hypervisor

Description

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

Analysis

Powervm Hypervisor versions up to fw950.00 contains a vulnerability that allows attackers to a local user with administration privileges to obtain sensitive information from (CVSS 6.0).

Technical Context

exists in the a series of PowerVM component. IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

Affected Products

Vendor: Ibm. Product: Powervm Hypervisor. Versions: up to fw950.00. Component: a series of PowerVM.

Remediation

Monitor vendor advisories for a patch.

Priority Score

30
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0

Share

CVE-2025-36238 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy