
IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791 –

https://www.ibm.com/support/pages/node/7230241?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820 –

https://www.ibm.com/support/pages/node/7230258?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to CVE-2024-37891 –

https://www.ibm.com/support/pages/node/7230256?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third party dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7230259?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27516) –

https://www.ibm.com/support/pages/node/7230451?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in pandas-2.2.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-9880) –

https://www.ibm.com/support/pages/node/7230553?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037 –

https://www.ibm.com/support/pages/node/7230567?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2024-40094 –

https://www.ibm.com/support/pages/node/7230568?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184 –

https://www.ibm.com/support/pages/node/7230463?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7230570?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195 –

https://www.ibm.com/support/pages/node/7230834?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565 –

https://www.ibm.com/support/pages/node/7230837?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195 –

https://www.ibm.com/support/pages/node/7230836?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system –

https://www.ibm.com/support/pages/node/7230841?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763 –

https://www.ibm.com/support/pages/node/7230462?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses jackson-mapper-asl-1.9.2.jar which is vulnerable to CVE-2019-10172, CVE-2019-10202 –

https://www.ibm.com/support/pages/node/7230842?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24963,CVE-2025-24964) –

https://www.ibm.com/support/pages/node/7230917?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791 –

https://www.ibm.com/support/pages/node/7230927?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382 –

https://www.ibm.com/support/pages/node/7230929?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797 –

https://www.ibm.com/support/pages/node/7231157?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2025-25193 –

https://www.ibm.com/support/pages/node/7231158?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-12797) –

https://www.ibm.com/support/pages/node/7231784?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Maximo Asset Management 7.6.1x Security Bulletins

IBM has released Maximo Asset Management Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle Oct 2024 CPU –

https://www.ibm.com/support/pages/node/7230554?myns=swgother&mynp=OCSSWT9A&mynp=OCSSKVFR&mynp=OCSSLLAM&mynp=OCSSG2D3&mynp=OCSS5RRF&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLL9G&mynp=OCSSLL8M&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSKVFR-OCSSLLAM-OCSSG2D3-OCSS5RRF-OCSSLKT6-OCSSLL84-OCSSLL9Z-OCSSLL9G-OCSSLL8M-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: IBM Maximo Asset Management is vulnerable to Server-Side Request Forgery (SSRF) + Information Disclosure (CVE-2025-2987) –

https://www.ibm.com/support/pages/node/7231390?myns=swgother&mynp=OCSSLLAM&mynp=OCSSLL84&mynp=OCSS5RRF&mynp=OCSSLL9Z&mynp=OCSSLL9G&mynp=OCSSLL8M&mynp=OCSSKVFR&mynp=OCSSWT9A&mynp=OCSSLKT6&mynp=OCSSG2D3&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLLAM-OCSSLL84-OCSS5RRF-OCSSLL9Z-OCSSLL9G-OCSSLL8M-OCSSKVFR-OCSSWT9A-OCSSLKT6-OCSSG2D3-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (WebSphere Application Server traditional is vulnerable to SSRF) –

https://www.ibm.com/support/pages/node/7231786?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSKVFR-OCSSG2D3-OCSSLKT6-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2025-2986) –

https://www.ibm.com/support/pages/node/7231785?myns=swgother&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSG2D3&mynp=OCSSWT9A&mynp=OCSSLLAM&mynp=OCSSLKSJ&mynp=OCSS5RRF&mynp=OCSSLL9Z&mynp=OCSSLL8M&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSSKVFR-OCSSLKT6-OCSSLL84-OCSSG2D3-OCSSWT9A-OCSSLLAM-OCSSLKSJ-OCSS5RRF-OCSSLL9Z-OCSSLL8M-_-E


About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategies.