CVE-2025-36238

MEDIUM

IBM PowerVM Hypervisor - Info Disclosure

Title source: llm

Description

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

References (1)

[Various Sources] https://www.ibm.com/support/pages/node/7257556

Scores

CVSS v3 6.0

EPSS 0.0001

EPSS Percentile 0.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (34)

ibm/powervm_hypervisor fw950.00

ibm/powervm_hypervisor fw950.10

ibm/powervm_hypervisor fw950.11

ibm/powervm_hypervisor fw950.20

ibm/powervm_hypervisor fw950.30

ibm/powervm_hypervisor fw950.40

ibm/powervm_hypervisor fw950.50

ibm/powervm_hypervisor fw950.60

ibm/powervm_hypervisor fw950.70

ibm/powervm_hypervisor fw950.71

... and 24 more

Published Feb 02, 2026

Tracked Since Feb 18, 2026