CVE-2025-36238

CWE-4973 documents3 sources
Severity
6.0MEDIUM
EPSS
0.0%
top 99.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Powervm Hypervisor
Timeline
PublishedFeb 2
Latest updateFeb 3

Description

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

CVEListV5ibm/powervm_hypervisorFW1110.00FW1110.03+2
NVDibm/powervm_hypervisor34 versions+33

🔴Vulnerability Details

2
GHSA
GHSA-wfpp-6h7f-cmmc: IBM PowerVM Hypervisor FW11102026-02-03
CVEList
Power System Exposure of Sensitive System Information2026-02-02
CVE-2025-36238 (MEDIUM CVSS 6) | IBM PowerVM Hypervisor FW1110.00 th | cvebase.io