IBM AIX 7.2/7.3 + VIOS 3.1/4.1 Kerberos Init Elevates Privileges
CVE-2025-36244 Published on September 16, 2025

IBM AIX privilege escalation
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.

References: Vendor Advisory, NVD

Vulnerability Analysis

CVE-2025-36244 is exploitable with local system access and does not require elevated privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Type

External Initialization of Trusted Variables or Data Stores

The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors. A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can initialize the variable, then they can influence what the vulnerable system will do.



Affected Versions

IBM AIX: 7.2, 7.3
IBM VIOS: 3.1, 4.1

Exploit Probability

EPSS: 0.01%
Percentile: 0.81%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.