IBM AIX and VIOS nimsh Service Command Execution Vulnerability

Vulnerability

A vulnerability in the SSL/TLS implementations of the nimsh service in IBM AIX versions 7.2 and 7.3, as well as IBM VIOS versions 3.1 and 4.1, could allow a remote attacker to execute arbitrary commands. This issue arises from improper process controls and introduces additional attack vectors for a vulnerability previously addressed in CVE-2024-56347.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected system.

Remediation

Users can download the necessary fixes from the IBM AIX and VIOS fix repositories. Instructions for verifying and installing these fixes are available in the AIX Security Bulletin.

Added: Nov 13, 2025, 10:24 PM
Updated: Nov 13, 2025, 10:24 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.