CVE-2025-36125 in Hardware Management Console
Summary
by MITRE • 09/09/2025
IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Analysis
by VulDB Data Team • 12/19/2025
The vulnerability identified as CVE-2025-36125 affects IBM Hardware Management Console versions 10.3.1050.0 and 11.1.1110.0, representing a critical stored cross-site scripting flaw that undermines the security posture of enterprise hardware management systems. This vulnerability resides within the web-based user interface of the management console, creating a persistent threat vector that can be exploited by authenticated attackers who possess legitimate access credentials to the system. The stored nature of this XSS vulnerability means that malicious JavaScript code injected by an attacker will persist within the application's database or storage mechanisms, executing every time a victim user accesses the affected interface, making it particularly dangerous for environments where multiple administrators interact with the console.
The technical implementation of this vulnerability stems from inadequate input validation and output encoding within the IBM Hardware Management Console's web interface components. When authenticated users submit data through web forms or interface elements that are subsequently stored and displayed without proper sanitization, the system fails to adequately escape or encode potentially malicious content. This allows attackers to inject JavaScript payloads that execute within the context of other users' browser sessions, leveraging the trust relationship that exists between legitimate users and the management console. The vulnerability specifically impacts the console's handling of user-supplied data in contexts where the application renders content without sufficient security controls to prevent code injection.
The operational impact of this vulnerability extends beyond simple script execution, creating potential pathways for credential theft and session hijacking within trusted network environments. An attacker with access to the console can craft malicious payloads that capture user credentials, session tokens, or other sensitive information transmitted through the web interface. The stored nature of the vulnerability means that once injected, the malicious code will execute automatically for any user who views the affected content, potentially compromising multiple administrator accounts over time. This threat is particularly severe in enterprise environments where the hardware management console serves as a central point of access for critical infrastructure management, making it a prime target for attackers seeking to establish persistent access to network resources.
Organizations affected by this vulnerability should implement immediate mitigations, including enhanced input validation controls, comprehensive output encoding mechanisms, and regular security assessments of web application components. Content security policies and proper sanitization of user inputs are the primary defensive measures against stored XSS attacks. Additionally, organizations should consider implementing network segmentation controls to limit access to the hardware management console to authorized personnel only, while maintaining detailed audit logs of all user activities within the system. Security teams should also conduct thorough penetration testing to identify any additional vectors that may exist within the broader IBM Hardware Management Console ecosystem.
This vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws, and represents a significant concern under ATT&CK technique T1566 related to credential harvesting through web application attacks. Organizations must prioritize patching and validation of their console versions to address this persistent threat, as the long-term exposure of authenticated users to this vulnerability could result in substantial security breaches and unauthorized access to critical hardware infrastructure management functions.
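The output-encoding and content-security-policy mitigations named above, as an added example that is not code from IBM Hardware Management Console or from this advisory. The function names, record fields and sample record are hypothetical and constructed for illustration.

```javascript
// Added example with hypothetical names; not IBM HMC code.
// Characters that can end an HTML text node or a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "`": "&#96;",
};

// Encode a stored value for HTML text and quoted-attribute contexts only.
// Script, URL and CSS contexts need their own encoders.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": stored fields are concatenated into markup unencoded, so
// whatever an authenticated user saved is parsed as HTML by every viewer.
function renderRowUnsafe(record) {
  return `<tr><td title="${record.description}">${record.name}</td></tr>`;
}

// "After": every stored field is encoded at the point of output,
// regardless of what validation ran when it was saved.
function renderRowSafe(record) {
  return `<tr><td title="${encodeHtml(record.description)}">` +
         `${encodeHtml(record.name)}</td></tr>`;
}

// Defence in depth: without 'unsafe-inline', the browser refuses inline
// <script> blocks and event-handler attributes even if encoding is missed.
function cspHeaderValue() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'none'",
    "frame-ancestors 'none'",
  ].join("; ");
}

// Constructed sample record standing in for data saved through the Web UI.
const storedRecord = {
  name: "<script>document.title='injected'</script>",
  description: '" onmouseover="document.title=1',
};

console.log("unsafe:", renderRowUnsafe(storedRecord));
console.log("safe:  ", renderRowSafe(storedRecord));
console.log("Content-Security-Policy:", cspHeaderValue());
```

Encoding at output time covers records that were stored before any input validation was introduced, which validation on new submissions alone does not.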