IBM Warns of Critical AIX & VIOS Security Flaw, Root Access Possible
IBM has issued an urgent security alert for its AIX and VIOS systems, particularly those using Kerberos authentication. The critical issue, which includes CVE-2025-36344, was discovered in early October 2025 and could allow attackers to gain root access and compromise systems.
The vulnerability affects AIX 7.2 and 7.3, as well as VIOS 3.1 and 4.1. IBM warns that attackers can exploit this flaw to disrupt memory management and potentially inject and execute malicious code. IT administrators are urged to install available updates immediately to mitigate this risk.
IBM recommends creating a system backup before installing the updates. The company has provided updated RPM filesets to replace vulnerable versions of 'rpm.rte'. Administrators can obtain the RPM version for AIX 7.2 TL5, AIX 7.3 TL1, TL2, TL3, and VIOS 4.1 using specific commands.
IBM's recent patch addresses a critical security vulnerability in AIX and VIOS operating systems. IT administrators are advised to prioritise installing the updates to protect their systems from potential root attacks. Creating a system backup beforehand is also recommended.