CVE-2025-36238

Summary

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

Affected Software

VendorProductVersion RangeStatus
IBMPowerVM HypervisorFW1110.00 <= FW1110.03affected
IBMPowerVM HypervisorFW1060.00 <= FW1060.51affected
IBMPowerVM HypervisorFW950.00 <= FW950.F0affected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References