CVE-2025-36125 is a stored Cross-Site Scripting (XSS) vulnerability affecting IBM Hardware Management Console (HMC) versions 10.3.1050.0 and 11.1.1110.0. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing an authenticated user to inject arbitrary JavaScript code into the web user interface. Because the malicious script is stored and executed within the context of the trusted HMC web application, it can alter intended functionality and potentially lead to sensitive information disclosure, such as credentials, within an authenticated session. The vulnerability requires the attacker to have authenticated access to the HMC, which is typically used to manage IBM Power Systems hardware. The CVSS v3.1 base score is 6.4 (medium severity), reflecting network attack vector, low attack complexity, and privileges required but no user interaction. The scope is changed, indicating that the vulnerability can affect components beyond the initially vulnerable module. No known exploits are currently reported in the wild, and no patches are linked yet. The vulnerability could be leveraged to compromise session integrity or escalate privileges by executing malicious scripts that manipulate the HMC interface or steal session tokens.

For European organizations utilizing IBM Power Systems managed via the Hardware Management Console, this vulnerability poses a moderate risk. The HMC is a critical management interface for hardware resources, and compromise could lead to unauthorized control or disclosure of sensitive operational data. Attackers exploiting this XSS flaw could hijack sessions, steal credentials, or manipulate management operations, potentially disrupting business-critical infrastructure. Given the reliance of many European enterprises and data centers on IBM Power Systems for mission-critical workloads, exploitation could impact confidentiality and integrity of management operations. However, the requirement for authenticated access limits exposure to insiders or attackers who have already breached perimeter defenses. The absence of known exploits reduces immediate risk but does not eliminate the threat. Organizations in sectors with stringent compliance requirements (e.g., finance, healthcare, government) could face regulatory and reputational consequences if this vulnerability is exploited.

1. Restrict authenticated access to the IBM HMC web interface strictly to trusted administrators and use strong multi-factor authentication to reduce the risk of unauthorized login. 2. Implement network segmentation and firewall rules to limit access to the HMC management interface only from secure, monitored administrative networks. 3. Monitor HMC logs and web interface activity for unusual or suspicious behavior indicative of attempted script injection or session hijacking. 4. Apply input validation and output encoding controls on any custom integrations or scripts interacting with the HMC web UI to prevent injection of malicious code. 5. Stay alert for IBM-issued patches or advisories addressing CVE-2025-36125 and apply updates promptly once available. 6. Consider deploying Web Application Firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting the HMC interface. 7. Conduct regular security training for administrators to recognize phishing or social engineering attempts that could lead to credential compromise and subsequent exploitation of this vulnerability.