IBM Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-36072
IBM webMethods Integration (on prem) Version: 10.11 or later and IS_10.11_Core_Fix22 or earlier
IBM webMethods Integration (on prem) Version: 10.15 or later and IS_10.15_Core_Fix22 or earlier
IBM webMethods Integration (on prem) Version: 11.1 or later and IS_11.1_Core_Fix6 or earlier
CVE-2025-36096, CVE-2025-36250, CVE-2025-36251, CVE-2025-36236
AIX Version: 7.2
AIX Version: 7.3
VIOS Version: 3.1
VIOS Version: 4.1
Resolved Vulnerabilities
Arbitrary code execution vulnerability in IBM webMethods Integration (CVE-2025-36072)
NIM private key exposure vulnerability in IBM AIX (CVE-2025-36096)
Arbitrary code execution vulnerability in IBM AIX NIM server (CVE-2025-36250)
Arbitrary code execution vulnerability in IBM AIX nimsh (CVE-2025-36251)
Path traversal vulnerability in IBM AIX NIM server (CVE-2025-36236)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-36072
IBM webMethods Integration (on prem) Version: IS_10.11_Core_Fix23 or later
IBM webMethods Integration (on prem) Version: IS_10.15_Core_Fix23 or later
IBM webMethods Integration (on prem) Version: IS_11.1_Core_Fix7 or later
CVE-2025-36096, CVE-2025-36250, CVE-2025-36251, CVE-2025-36236
AIX for NIM Client versions (7.2.5.8 or later and 7.2.5.10 or earlier): IJ55968mAa.251112.epkg.Z
AIX for NIM Client versions (7.3.1.3 or later and 7.3.1.4 or earlier): IJ56230m4a.251112.epkg.Z
AIX for NIM Client versions (7.3.2.2 or later and 7.3.2.4 or earlier): IJ56113m4a.251112.epkg.Z
AIX for NIM Client versions (7.3.3.0 or later and 7.3.3.1 or earlier): IJ55897m1a.251112.epkg.Z
AIX for NIM Server versions (7.2.5.8 or later and 7.2.5.10 or earlier): IJ55968mAb.251112.epkg.Z
AIX for NIM Server versions (7.3.1.3 or later and 7.3.1.4 or earlier): IJ56230m4b.251112.epkg.Z
AIX for NIM Server versions (7.3.2.2 or later and 7.3.2.4 or earlier): IJ56113m4b.251112.epkg.Z
AIX for NIM Server versions (7.3.3.0 or later and 7.3.3.1 or earlier): IJ55897m1b.251112.epkg.Z
VIOS versions: see reference site for updates [2]
References
[1] Security Bulletin: IBM webMethods Integration (on prem) is affected by arbitrary code execution
https://www.ibm.com/support/pages/node/7252090
[2] Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236)
https://www.ibm.com/support/pages/node/7251173