{"api_version":"1","generated_at":"2026-06-07T06:06:12+00:00","cve":"CVE-2023-25683","urls":{"html":"https://cve.report/CVE-2023-25683","api":"https://cve.report/api/cve/CVE-2023-25683.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25683","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25683"},"summary":{"title":"CVE-2023-25683","description":"IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC.  IBM X-Force ID:  247592.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2023-06-15 01:15:00","updated_at":"2023-06-21 01:20:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/pages/node/7002721","name":"https://www.ibm.com/support/pages/node/7002721","refsource":"MISC","tags":[],"title":"Security Bulletin: This Power System update is being released to address CVE-2023-25683","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/247592","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/247592","refsource":"MISC","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25683","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25683","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"25683","vulnerable":"1","versionEndIncluding":"fw1010.40","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"powervm_hypervisor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25683","vulnerable":"1","versionEndIncluding":"fw1020.20","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"powervm_hypervisor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25683","vulnerable":"1","versionEndIncluding":"fw1030.11","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"powervm_hypervisor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25683","vulnerable":"1","versionEndIncluding":"fw950.71","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"powervm_hypervisor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-25683","ASSIGNER":"psirt@us.ibm.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC.  IBM X-Force ID:  247592."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"PowerVM Hypervisor","version":{"version_data":[{"version_affected":"<=","version_name":"FW950.00","version_value":"FW950.71"},{"version_affected":"<=","version_name":"FW1010.00","version_value":"FW1010.40"},{"version_affected":"<=","version_name":"FW1020.00","version_value":"FW1020.20"},{"version_affected":"<=","version_name":"FW1030.00","version_value":"FW1030.11"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.ibm.com/support/pages/node/7002721","refsource":"MISC","name":"https://www.ibm.com/support/pages/node/7002721"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/247592","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/247592"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-06-15 01:15:00","lastModifiedDate":"2023-06-21 01:20:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*","versionStartIncluding":"fw1030","versionEndIncluding":"fw1030.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*","versionStartIncluding":"fw1020","versionEndIncluding":"fw1020.20","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*","versionStartIncluding":"fw950","versionEndIncluding":"fw950.71","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ibm:powervm_hypervisor:*:*:*:*:*:*:*:*","versionStartIncluding":"fw1010","versionEndIncluding":"fw1010.40","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}