Maximo Application Suite Security Bulletins February 2026

By: Darlene Nerden on February 24th, 2026

Maximo Application Suite Security Bulletins February 2026

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: Location Service for ESRI Component uses urllib3-2.5.0 and werkzeug-3.1.3 library which were vulnerable to CVE-2025-66418, CVE-2025-66471 and CVE-2025-66221 respectively –

https://www.ibm.com/support/pages/node/7258352?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718 –

https://www.ibm.com/support/pages/node/7258351?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906 –

https://www.ibm.com/support/pages/node/7258418?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345 –

https://www.ibm.com/support/pages/node/7258419?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7258420?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3,fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl,lodash.clonedeep-4.5.0.tgz,js-yaml-4.1.0.tgz,mdast-util-towhich is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7258421?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861 –

https://www.ibm.com/support/pages/node/7258422?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154 –

https://www.ibm.com/support/pages/node/7258428?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945 –

https://www.ibm.com/support/pages/node/7258427?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses bootstrap-table-1.18.1.min.js, bootstrap-table-1.18.2.min.js, bootstrap-table-export-1.18.2.min.js which are vulnerable to CVE-2022-1726, CVE-2021-23472 –

https://www.ibm.com/support/pages/node/7258425?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses django-4.2.26-py3-none-any.whl which are vulnerable to CVE-2025-13372, CVE-2025-64460 –

https://www.ibm.com/support/pages/node/7258423?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945 –

https://www.ibm.com/support/pages/node/7258426?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471 –

https://www.ibm.com/support/pages/node/7258429?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566 –

https://www.ibm.com/support/pages/node/7258424?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471 –

https://www.ibm.com/support/pages/node/7258430?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by SMTP injection due to Jakarta Mail and vulnerable to CVE-2025-7962 –

https://www.ibm.com/support/pages/node/7258432?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses min-document which is vulnerable to CVE-2025-57352 –

https://www.ibm.com/support/pages/node/7259265?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816 –

https://www.ibm.com/support/pages/node/7259267?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031 –

https://www.ibm.com/support/pages/node/7259268?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses glob which is vulnerable to CVE-2025-64756 –

https://www.ibm.com/support/pages/node/7259271?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang-jwt which is vulnerable to CVE-2025-30204 –

https://www.ibm.com/support/pages/node/7259270?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs –

https://www.ibm.com/support/pages/node/7259393?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs –

https://www.ibm.com/support/pages/node/7259394?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite IoT component uses "urllib3-2.5.0-py3-none-any.whl" which are vulnerable to "CVE-2025-66418, CVE-2025-66471" –https://www.ibm.com/support/pages/node/7259392?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs –

https://www.ibm.com/support/pages/node/7259395?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs –

https://www.ibm.com/support/pages/node/7259396?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by SMTP injection due to Jakarta Mail (CVE-2025-7962) –

https://www.ibm.com/support/pages/node/7259409?myns=swgother&mynp=OCSSWT9A&mynp=OCSSLL9G&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSG2D3&mynp=OCSS5RRF&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSLL9G-OCSSLKT6-OCSSLLAM-OCSSLL8M-OCSSG2D3-OCSS5RRF-OCSSKVFR-OCSSLL84-OCSSLL9Z-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: There is a vulnerability in urllib3-2.5.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66418) –https://www.ibm.com/support/pages/node/7259408?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in lz4-java-1.7.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-12183) –

https://www.ibm.com/support/pages/node/7259410?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in pyasn1-0.6.1.tar.gz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-23490) –

https://www.ibm.com/support/pages/node/7259411?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in lz4-java-1.8.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66566) –

https://www.ibm.com/support/pages/node/7259412?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in werkzeug-3.1.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66221) –

https://www.ibm.com/support/pages/node/7259414?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses k8s.io/kubernetes v1.33.1 which is vulnerable to CVE-2025-4563 and CVE-2025-5187 –

https://www.ibm.com/support/pages/node/7259513?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: Reliability Strategies was using vulnerable library –

https://www.ibm.com/support/pages/node/7259511?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses urllib3 which is vulnerable to CVE-2025-66418 and CVE-2025-66471 –

https://www.ibm.com/support/pages/node/7259911?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273 –

https://www.ibm.com/support/pages/node/7259912?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core which is vulnerable to CVE-2025-11226 -

https://www.ibm.com/support/pages/node/7260184?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.

Maximo Consulting

Products and Technologies

Industries

Helpful Links

Mobile Informer Apps

Informer EdgeSync

Helpful Links

Maximo Consulting

Products and Technologies

Industries

Helpful Links

Mobile Informer Apps

Informer EdgeSync

Helpful Links

Maximo Application Suite Security Bulletins February 2026

About Darlene Nerden