{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36035", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:09.684Z", "datePublished": "2025-09-14T12:52:48.871Z", "dateUpdated": "2025-09-15T15:59:00.889Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw950.E0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1050.50:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1060.40:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "PowerVM Hypervisor", "vendor": "IBM", "versions": [{"lessThanOrEqual": "FW950.E0", "status": "affected", "version": "FW950.00", "versionType": "semver"}, {"lessThanOrEqual": "FW1050.50", "status": "affected", "version": "FW1050.00", "versionType": "semver"}, {"lessThanOrEqual": "FW1060.40", "status": "affected", "version": "FW1060.00", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."}], "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-14T12:52:48.871Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7244813"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.<br>Power 9</p><ol><li>IBM Power System L922 (9008-22L)</li><li>IBM Power System S922 (9009-22A, 9009-22G)</li><li>IBM Power System H922 (9223-22H, 9223-22S)</li><li>IBM Power System S914 (9009-41A, 9009-41G)</li><li>IBM Power System S924 (9009-42A, 9009-42G)</li><li>IBM Power System H924 (9223-42H, 9223-42S)</li><li>IBM Power System E950 (9040-MR9)</li><li>IBM Power System E980 (9080-M9S)</li></ol><p><br>Customers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.<br>Power 10</p><ol><li>IBM Power System E1080 (9080-HEX)</li></ol><p>&nbsp;</p><p>Customers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.<br>Power 10</p><ol><li>IBM Power System S1022 (9105-22A)</li><li>IBM Power System S1024 (9105-42A)</li><li>IBM Power System S1022s (9105-22B)</li><li>IBM Power System S1014 (9105-41B)</li><li>IBM Power System L1022 (9786-22H)</li><li>IBM Power System L1024 (9786-42H)</li><li>IBM Power System E1050 (9043-MRX)</li><li>IBM Power System S1012 (9028-21B)</li></ol>\n\n<br>"}], "value": "Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.\nPower 9\n\n * IBM Power System L922 (9008-22L)\n * IBM Power System S922 (9009-22A, 9009-22G)\n * IBM Power System H922 (9223-22H, 9223-22S)\n * IBM Power System S914 (9009-41A, 9009-41G)\n * IBM Power System S924 (9009-42A, 9009-42G)\n * IBM Power System H924 (9223-42H, 9223-42S)\n * IBM Power System E950 (9040-MR9)\n * IBM Power System E980 (9080-M9S)\n\nCustomers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System E1080 (9080-HEX)\n\u00a0\n\nCustomers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System S1022 (9105-22A)\n * IBM Power System S1024 (9105-42A)\n * IBM Power System S1022s (9105-22B)\n * IBM Power System S1014 (9105-41B)\n * IBM Power System L1022 (9786-22H)\n * IBM Power System L1024 (9786-42H)\n * IBM Power System E1050 (9043-MRX)\n * IBM Power System S1012 (9028-21B)"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM PowerVM Hypervisor denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-15T15:58:51.498887Z", "id": "CVE-2025-36035", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T15:59:00.889Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "IBM PowerVM Hypervisor denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw950.E0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1050.50:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:power9_system_firmware:fw1060.40:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "PowerVM Hypervisor", "versions": [{"status": "affected", "version": "FW950.00", "versionType": "semver", "lessThanOrEqual": "FW950.E0"}, {"status": "affected", "version": "FW1050.00", "versionType": "semver", "lessThanOrEqual": "FW1050.50"}, {"status": "affected", "version": "FW1060.00", "versionType": "semver", "lessThanOrEqual": "FW1060.40"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.\nPower 9\n\n * IBM Power System L922 (9008-22L)\n * IBM Power System S922 (9009-22A, 9009-22G)\n * IBM Power System H922 (9223-22H, 9223-22S)\n * IBM Power System S914 (9009-41A, 9009-41G)\n * IBM Power System S924 (9009-42A, 9009-42G)\n * IBM Power System H924 (9223-42H, 9223-42S)\n * IBM Power System E950 (9040-MR9)\n * IBM Power System E980 (9080-M9S)\n\nCustomers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System E1080 (9080-HEX)\n\u00a0\n\nCustomers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.\nPower 10\n\n * IBM Power System S1022 (9105-22A)\n * IBM Power System S1024 (9105-42A)\n * IBM Power System S1022s (9105-22B)\n * IBM Power System S1014 (9105-41B)\n * IBM Power System L1022 (9786-22H)\n * IBM Power System L1024 (9786-42H)\n * IBM Power System E1050 (9043-MRX)\n * IBM Power System S1012 (9028-21B)", "supportingMedia": [{"type": "text/html", "value": "<p>Customers with the products below should install 950.E1(950_182)/950.F0(950_192) or newer to remediate this vulnerability.<br>Power 9</p><ol><li>IBM Power System L922 (9008-22L)</li><li>IBM Power System S922 (9009-22A, 9009-22G)</li><li>IBM Power System H922 (9223-22H, 9223-22S)</li><li>IBM Power System S914 (9009-41A, 9009-41G)</li><li>IBM Power System S924 (9009-42A, 9009-42G)</li><li>IBM Power System H924 (9223-42H, 9223-42S)</li><li>IBM Power System E950 (9040-MR9)</li><li>IBM Power System E980 (9080-M9S)</li></ol><p><br>Customers with the products below should install FW1050.51(1050_095)/FW1050.60(1050_090), FW1060.41(1060_120), or newer to remediate this vulnerability.<br>Power 10</p><ol><li>IBM Power System E1080 (9080-HEX)</li></ol><p>&nbsp;</p><p>Customers with the products below should install FW1050.51(1050_113)/FW1050.60(1050_108), FW1060.41(1060_120), or newer to remediate this vulnerability.<br>Power 10</p><ol><li>IBM Power System S1022 (9105-22A)</li><li>IBM Power System S1024 (9105-42A)</li><li>IBM Power System S1022s (9105-22B)</li><li>IBM Power System S1014 (9105-41B)</li><li>IBM Power System L1022 (9786-22H)</li><li>IBM Power System L1024 (9786-42H)</li><li>IBM Power System E1050 (9043-MRX)</li><li>IBM Power System S1012 (9028-21B)</li></ol>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7244813", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.", "supportingMedia": [{"type": "text/html", "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-09-14T12:52:48.871Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36035", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-15T15:58:51.498887Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-09-15T15:58:55.264Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-36035", "state": "PUBLISHED", "dateUpdated": "2025-09-14T12:52:48.871Z", "dateReserved": "2025-04-15T21:16:09.684Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-09-14T12:52:48.871Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources."}], "id": "CVE-2025-36035", "lastModified": "2025-09-15T15:21:42.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.7, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-09-14T13:15:32.450", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7244813"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}