CVE Alert: CVE-2025-36244 – IBM – AIX
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
AI Summary Analysis
Risk verdict
High risk local privilege escalation on IBM AIX and VIOS when Kerberos authentication is enabled; exploitation is not currently indicated as active, but the impact is severe if triggered.
Why this matters
A local attacker could escalate to root and subvert system integrity, persistence, or data confidentiality on hosts that participate in Kerberos networks. In enterprise environments where Kerberos is deployed across critical services, a single unpatched host could act as a foothold for broader compromise.
Most likely attack path
Exploitation relies on improper initialization of critical variables, enabling a non-privileged local user to write to root-owned files. No user interaction is required, but the attacker must already have local access to the host; the vector is AV: LOCAL, PR: NONE (no initial privileges), UI: NONE. The scope is unchanged, so a single host compromise could enable lasting root access and potentially facilitate further intra-host actions or data access.
Who is most exposed
Organisations running AIX 7.2/7.3 or VIOS 3.1/4.1 with Kerberos network authentication enabled, particularly on servers hosting databases, middleware, or virtualization layers.
Detection ideas
- Alerts for non-root processes writing to root-owned files or directories.
- Audit logs showing unexpected initialization of critical variables or changes to system configuration by non-privileged users.
- Kerberos-related process initialisation events or overrides in kernel/system logs.
- File integrity monitoring flagging changes to core system files.
- Anomalous attempts to modify root-owned files without elevated privileges.
Mitigation and prioritisation
- Apply the interim fix IJ55344s9a.250722.epkg.Z on AIX 7.2/7.3 and VIOS 3.1/4.1: install its prerequisites first, verify the SHA256 sums before use, and test the install in a staging environment.
- Ensure a mksysb backup is available and bootable before patching; follow IBM’s preview/install workflow.
- After patching, reboot if required and revalidate Kerberos configurations; monitor for related anomalies.
- If immediate patching isn’t possible, implement compensating controls: restrict access to affected hosts, tighten Kerberos exposure, and enable enhanced auditing and file integrity monitoring.
- Change-management: schedule downtime, validate prerequisites, and confirm stability post-patch.
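The pre-install checks from the list above (is the efix already present, does the epkg match its published SHA256, preview before install), as an added shell example that is not part of this alert or IBM's own tooling. It assumes csum (AIX/VIOS), openssl or sha256sum for hashing and the emgr -l / -p / -e options; the expected checksum is a placeholder to be taken from IBM's bulletin.

```shell
#!/bin/sh
# Added example, not IBM's code: gate the CVE-2025-36244 efix install on the
# epkg checksum. Replace the placeholder hash with the value IBM publishes.
EPKG_FILE="IJ55344s9a.250722.epkg.Z"
EPKG_LABEL="IJ55344s9a"
EXPECTED_SHA256="<sha256 published by IBM for this epkg>"   # placeholder

# Print the lowercase SHA-256 of a file with whichever tool the host has
# (csum on AIX/VIOS, openssl or sha256sum elsewhere); prints nothing on failure.
file_sha256() {
  if command -v csum >/dev/null 2>&1; then
    csum -h SHA256 "$1"
  elif command -v openssl >/dev/null 2>&1; then
    openssl dgst -sha256 "$1"
  else
    sha256sum "$1"
  fi 2>/dev/null | awk '{ for (i = 1; i <= NF; i++)
      if (length($i) == 64 && $i ~ /^[0-9a-fA-F]+$/) { print tolower($i); exit } }'
}

# Return 0 only when the digest matches (case-insensitive); a mismatch or an
# unreadable file returns 1 so the caller refuses to install a tampered epkg.
verify_epkg_sha256() {
  actual=$(file_sha256 "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Return 0 if emgr already lists the efix label (AIX/VIOS only; on VIOS run
# this under oem_setup_env). emgr does not exist on other platforms.
fix_installed() {
  command -v emgr >/dev/null 2>&1 && emgr -l 2>/dev/null | grep -q "$1"
}

main() {
  if fix_installed "$EPKG_LABEL"; then
    echo "$EPKG_LABEL already installed"; return 0
  fi
  if ! verify_epkg_sha256 "$EPKG_FILE" "$EXPECTED_SHA256"; then
    echo "checksum mismatch or unreadable file: $EPKG_FILE, not installing" >&2
    return 1
  fi
  # Preview (-p) first; install (-e) only when the preview is clean. Reboot
  # afterwards if the preview reports that the fix requires it.
  emgr -p -e "$EPKG_FILE" && emgr -e "$EPKG_FILE"
}

if [ "${RUN_EPKG_CHECKS:-0}" = 1 ]; then main; fi
```

Run with RUN_EPKG_CHECKS=1 on the target host after a bootable mksysb has been taken.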