Maximo Application Suite Security Bulletins
IBM has released security bulletins for Maximo Application Suite. The links to the bulletins are below. Each bulletin contains information regarding when, where, and/or how to address the vulnerability it covers.
Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses urllib3 is a user-friendly HTTP client library for Python will remain the vulnerable
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104)
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle Apr 2025 CPU
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038)
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Security Bulletin: IBM Maximo Application Suite uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to CVE-2024-6866, CVE-2024-6839, CVE-2024-6
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-25193)
Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817)
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"
About Darlene Nerden
Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years, primarily on the infrastructure and systems side, including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategies.