IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle Apr 2025 CPU
Security Bulletin: IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnerabilities on z/OS (CVE-2025-1470, CVE-2025-1471, CWE-787)
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104)
Security Bulletin: IBM Edge Data Collector is vulnerable to next-15.1.7.tgz CVE-2025-29927
Security Bulletin: IBM Edge Data Collector is vulnerable to axios-1.7.7.tgz, axios-1.7.9.tgz CVE-2025-27152
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.9.tgz CVE-2025-27152
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"
Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2022-40897, CVE-2024-6345"
Security Bulletin: IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.
Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152
Security Bulletin: IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382 This bulletin contains information regarding the vulnerability and its fixture.
Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2024-3651, CVE-2023-32681, CVE-2024-35195, CVE-2024-37891"
Security Bulletin: IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763
Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789.
Security Bulletin: IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516.
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395
Security Bulletin: IBM Maximo Application Suite - Manage Component uses commons-io: 2.7 which is vulnerable to CVE-2024-47554
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565 vulnerability
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486
Security Bulletin: There is a vulnerability in poi-ooxml-5.3.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-31672)
Security Bulletin: There is a vulnerability in flask-3.1.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-47278)
Security Bulletin: There is a vulnerability in prism-1.28.0.js used by IBM Maximo Asset Management application (CVE-2024-53382)
Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-30208
Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789
Security Bulletin: IBM Maximo Application Suite - Manage Component uses braces-3.0.2.tgz which is vulnerable to CVE-2024-4068
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31125
Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796
Security Bulletin: IBM Maximo Application Suite - Manage Component uses serialize-javascript-4.0.0.tgz which is vulnerable to CVE-2024-47554
Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590
Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067
Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538
Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799
Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-7.5.9.tgz which is vulnerable to CVE-2024-37890
Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800
Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789
Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798
Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565
Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789
Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255
If you have questions about how these vulnerabilities may impact your current Maximo Application Suite environment—or need support addressing them—please reach out to our team at info@interlocsolutions.com.
We're here to help you stay secure, compliant, and confident in your Maximo deployment.