Security Bulletin: Multiple vulnerabilities in Python affect AIX
Summary: Vulnerabilities in Python could allow a null pointer dereference (CVE-2026-32776, CVE-2026-32778), an infinite loop (CVE-2026-32777), or impact availability (CVE-2025-12084). Python is used by AIX as part of Ansible node management automation. Vulnerability Details: CVEID: CVE-2026-32776...
Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS
IBM SECURITY ADVISORY First Issued: Thu Apr 2 15:29:58 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/postgresadvisory.asc Security Bulletin: Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS...
Security Bulletin: AIX/VIOS Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
Summary: Vulnerabilities in Perl could cause a null pointer dereference (CVE-2026-24515) or an integer overflow (CVE-2026-25210). AIX uses Perl in various operating system components. Vulnerability Details: CVEID: CVE-2026-24515. DESCRIPTION: In libexpat before 2.7.4, XML_ExternalEntityParserCreate does n...
Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
Summary: Vulnerabilities in Python could cause a null pointer dereference (CVE-2026-24515) or an integer overflow (CVE-2026-25210). Python is used by AIX as part of Ansible node management automation. Vulnerability Details: CVEID: CVE-2026-24515. DESCRIPTION: In libexpat before 2.7.4,...
AIX Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
IBM SECURITY ADVISORY First Issued: Tue Mar 17 15:13:56 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory13.asc Security Bulletin: AIX Perl is vulnerable to a null pointer dereference CVE-2026-24515 and an integer...
Security Bulletin: Vulnerability in libxml2 (CVE-2025-8732) affects AIX/VIOS
Summary: Updated Mar 13 2026: Added iFix information for VIOS 3.1. Vulnerability in libxml2 could cause an uncontrolled recursion (CVE-2025-8732). AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details: CVEID: CVE-2025-8732. DESCRIPTION: A vulnerability was found in libxml2 up to...
Security Bulletin: AIX Xorg X Server is vulnerable to memory corruption or a denial of service (CVE-2025-62230, CVE-2025-62231)
Summary: Updated Feb 24 2026: New iFix for 7.3 TL3 SP2 provided with correct fileset prereqs. Updated the affected fileset levels to show that 7.3 TL3 SP2 is vulnerable. Vulnerabilities in Xorg X Server could cause a memory corruption or denial of service (CVE-2025-62230, CVE-2025-62231)...
Security Bulletin: AIX/VIOS is vulnerable to denial of service and possible code execution due to Perl (WS-2025-0004)
Summary: Vulnerability in Perl could allow an attacker to cause a denial of service or possibly execute code (WS-2025-0004). AIX uses Perl in various operating system components. Vulnerability Details: ID: WS-2025-0004. DESCRIPTION: Fix a class of false positives where input should have been rejected...
AIX is vulnerable to denial of service and possible code execution due to Perl (WS-2025-0004)
IBM SECURITY ADVISORY First Issued: Thu Feb 5 15:13:54 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory12.asc Security Bulletin: AIX is vulnerable to denial of service and possible code execution due to Perl...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21855)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21855 advisory. - In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sendi...
CVE-2023-45175
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973...
AIX is vulnerable to potential code execution (CVE-2025-61984 CVE-2025-61985) due to OpenSSH
IBM SECURITY ADVISORY First Issued: Tue Jan 6 13:47:51 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory20.asc Security Bulletin: AIX is vulnerable to potential code execution CVE-2025-61984, CVE-2025-61985 due to...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in IBM AIX versions 7.2 and 7.3, as well as in IBM VIOS versions 3.1 and 4.1. The vulnerabilities are related to the insecure storage of NIM private keys, making systems vulnerable to man-in-the-middle attacks. Attackers can also send specially crafted URL requests,...
AIX : Multiple Vulnerabilities (IJ56230)
The version of AIX installed on the remote host is prior to APAR IJ56230. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ56230 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...
CVE-2025-36236
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server formerly known as NIM master service nimesis could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system...
CVE-2025-36250
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server formerly known as NIM master service nimesis could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in...
CVE-2025-36096
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques...
CVE-2025-36251
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347...
EUVD-2025-180540
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques...
EUVD-2025-180539
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server formerly known as NIM master service nimesis could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in...