Maximo Application Suite Security Bulletins

By: Darlene Nerden on July 2nd, 2025

Maximo Application Suite Security Bulletins

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods –

https://www.ibm.com/support/pages/node/7235730?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025- Includes Oracle Apr 2025 CPU –

https://www.ibm.com/support/pages/node/7235945?myns=swgother&mynp=OCSSLL9G&mynp=OCSS5RRF&mynp=OCSSLLAM&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSLL8M&mynp=OCSSG2D3&mynp=OCSSKVFR&mynp=OCSSLL9Z&mynp=OCSSWT9A&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSS5RRF-OCSSLLAM-OCSSLKT6-OCSSLL84-OCSSLL8M-OCSSG2D3-OCSSKVFR-OCSSLL9Z-OCSSWT9A-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnerabilities on z/OS (CVE-2025-1470,CVE-2025-1471,CWE-787) –

https://www.ibm.com/support/pages/node/7235947?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104) –

https://www.ibm.com/support/pages/node/7235948?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSLKSJ-OCSSKVFR-OCSSG2D3-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKT6-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector is vulnerable to next-15.1.7.tgz CVE-2025-29927 –

https://www.ibm.com/support/pages/node/7236779?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector is vulnerable to axios-1.7.7.tgz, axios-1.7.9.tgz CVE-2025-27152 –

https://www.ibm.com/support/pages/node/7237295?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.9.tgz CVE-2025-27152 –

https://www.ibm.com/support/pages/node/7237336?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791" –

https://www.ibm.com/support/pages/node/7237928?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2022-40897, CVE-2024-6345" –

https://www.ibm.com/support/pages/node/7237930?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797. –

https://www.ibm.com/support/pages/node/7237923?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152 –

https://www.ibm.com/support/pages/node/7237932?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791" –

https://www.ibm.com/support/pages/node/7237933?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382 This bulletin contains information regarding the vulnerability and its fixture. –

https://www.ibm.com/support/pages/node/7237931?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2024-3651, CVE-2023-32681, CVE-2024-35195, CVE-2024-37891" –

https://www.ibm.com/support/pages/node/7237927?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

https://www.ibm.com/support/pages/node/7237926?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763 –

https://www.ibm.com/support/pages/node/7237938?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. –

https://www.ibm.com/support/pages/node/7237937?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516. –

https://www.ibm.com/support/pages/node/7237939?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010 –

https://www.ibm.com/support/pages/node/7237940?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395 –

https://www.ibm.com/support/pages/node/7237955?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses commons-io: 2.7 which is vulnerable to CVE-2024-47554 –

https://www.ibm.com/support/pages/node/7237956?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565 vulnerability –

https://www.ibm.com/support/pages/node/7237961?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486 –

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486

Security bulletin: Security Bulletin: There is a vulnerability in poi-ooxml-5.3.0.jarused by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-31672) –

https://www.ibm.com/support/pages/node/7238116?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in flask-3.1.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-47278) –

https://www.ibm.com/support/pages/node/7238117?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in prism-1.28.0.jsused by IBM Maximo Asset Management application ( CVE-2024-53382) –

https://www.ibm.com/support/pages/node/7238118?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764 –

https://www.ibm.com/support/pages/node/7238315?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-30208 –

https://www.ibm.com/support/pages/node/7238342?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7238343?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses braces-3.0.2.tgz which is vulnerable to CVE-2024-4068 –

https://www.ibm.com/support/pages/node/7238345?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31125 –

https://www.ibm.com/support/pages/node/7238347?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796 –

https://www.ibm.com/support/pages/node/7238348?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses serialize-javascript-4.0.0.tgz which is vulnerable to CVE-2024-47554 –

https://www.ibm.com/support/pages/node/7238344?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590 –

https://www.ibm.com/support/pages/node/7238490?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067 –

https://www.ibm.com/support/pages/node/7238489?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538 –

https://www.ibm.com/support/pages/node/7238492?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799 –

Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-7.5.9.tgz which is vulnerable to CVE-2024-37890 –

https://www.ibm.com/support/pages/node/7238497?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800 –

https://www.ibm.com/support/pages/node/7238495?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7238499?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798 –

https://www.ibm.com/support/pages/node/7238496?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565 –

https://www.ibm.com/support/pages/node/7238500?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7238501?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255 –

Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255

If you have questions about how these vulnerabilities may impact your current Maximo Application Suite environment—or need support addressing them—please reach out to our team at info@interlocsolutions.com.

We're here to help you stay secure, compliant, and confident in your Maximo deployment.

About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.

Maximo Consulting

Products and Technologies

Industries

Helpful Links

Mobile Informer Apps

Helpful Links

Maximo Consulting

Products and Technologies

Industries

Helpful Links

Mobile Informer Apps

Helpful Links

Maximo Application Suite Security Bulletins

About Darlene Nerden