IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. Each bulletin contains information regarding when, where, and/or how to address the vulnerability it covers.
Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965 –
https://www.ibm.com/support/pages/node/7240390?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups –
https://www.ibm.com/support/pages/node/7240972?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses urllib3 is a user-friendly HTTP client library for Python will remain the vulnerable –
https://www.ibm.com/support/pages/node/7240973?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104) –
https://www.ibm.com/support/pages/node/7241196?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSWT9A&mynp=OCSSG2D3&mynp=OCSS5RRF&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL9G&mynp=OCSSLKSJ&mynp=OCSSLL8M&mynp=OCSSLL84&mynp=OCSSKVFR&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSWT9A-OCSSG2D3-OCSS5RRF-OCSSLKT6-OCSSLLAM-OCSSLL9G-OCSSLKSJ-OCSSLL8M-OCSSLL84-OCSSKVFR-_-E
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle Apr 2025 CPU –
https://www.ibm.com/support/pages/node/7241195?myns=swgother&mynp=OCSSLL9G&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSSLLAM&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSKVFR&mynp=OCSSLKSJ&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSSLL8M-OCSSWT9A-OCSSLLAM-OCSSG2D3-OCSSLKT6-OCSSKVFR-OCSSLKSJ-OCSSLL84-OCSSLL9Z-OCSS5RRF-_-E
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097) –
https://www.ibm.com/support/pages/node/7241194?myns=swgother&mynp=OCSSWT9A&mynp=OCSSLKSJ&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLL9Z&mynp=OCSSLKT6&mynp=OCSSLL8M&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSLKSJ-OCSSLL9G-OCSSKVFR-OCSSLL84-OCSSG2D3-OCSSLLAM-OCSSLL9Z-OCSSLKT6-OCSSLL8M-OCSS5RRF-_-E
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038) –
https://www.ibm.com/support/pages/node/7241223?myns=swgother&mynp=OCSSKVFR&mynp=OCSSLL8M&mynp=OCSSLL84&mynp=OCSSLKSJ&mynp=OCSSWT9A&mynp=OCSSLL9Z&mynp=OCSSLLAM&mynp=OCSS5RRF&mynp=OCSSLKT6&mynp=OCSSLL9G&mynp=OCSSG2D3&mync=E&cm_sp=swgother-_-OCSSKVFR-OCSSLL8M-OCSSLL84-OCSSLKSJ-OCSSWT9A-OCSSLL9Z-OCSSLLAM-OCSS5RRF-OCSSLKT6-OCSSLL9G-OCSSG2D3-_-E
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184) –
https://www.ibm.com/support/pages/node/7241290?myns=swgother&mynp=OCSSLL9G&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSSWT9A&mynp=OCSSLKSJ&mynp=OCSSLKT6&mynp=OCSSG2D3&mynp=OCSSLL8M&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSSLL9Z-OCSSKVFR-OCSSLL84-OCSSLLAM-OCSSWT9A-OCSSLKSJ-OCSSLKT6-OCSSG2D3-OCSSLL8M-OCSS5RRF-_-E
Security Bulletin: IBM Maximo Application Suite uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to CVE-2024-6866, CVE-2024-6839, CVE-2024-6 –
https://www.ibm.com/support/pages/node/7241299?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-25193) –
https://www.ibm.com/support/pages/node/7241389?myns=swgother&mynp=OCSSWT9A&mynp=OCSSLKSJ&mynp=OCSSLKT6&mynp=OCSSG2D3&mynp=OCSSLL8M&mynp=OCSSLL9G&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSLKSJ-OCSSLKT6-OCSSG2D3-OCSSLL8M-OCSSLL9G-OCSSLL9Z-OCSSKVFR-OCSSLL84-OCSSLLAM-OCSS5RRF-_-E
Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817) –
https://www.ibm.com/support/pages/node/7241390?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871" –
https://www.ibm.com/support/pages/node/7241394?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E