CVE-2025-36244 — External Initialization of Trusted Variables or Data Stores in IBM Vios

CWE-454 — External Initialization of Trusted Variables or Data Stores4 documents4 sources

Severity

5.5MEDIUMNVD

CNA7.4

EPSS

0.0%

top 98.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX IBM Vios

Timeline

PublishedSep 16

Description

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/vios3.1, 4.1+1

▶NVDibm/vios3.1, 4.1+1

▶CVEListV5ibm/aix7.2, 7.3+1

▶NVDibm/aix7.2, 7.3+1

🔴Vulnerability Details

CVEList

IBM AIX privilege escalation↗2025-09-16

▶

GHSA

GHSA-g3h8-wgx9-76x9: IBM AIX 7↗2025-09-16

▶

📋Vendor Advisories

Microsoft

net/sched: taprio: extend minimum interval restriction to entire cycle too↗2024-06-11

▶