<div style="display:inline;"> <img height="1" width="1" style="border-style:none;" alt="" src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/1066880148/?value=0&amp;label=4oTQCMyJzwQQlJnd_AM&amp;guid=ON&amp;script=0">
Request More Info

«  View All Posts

Maximo Application Suite Security Bulletins-January 2026 Blog Feature
Darlene Nerden

By: Darlene Nerden on January 20th, 2026

Print/Save as PDF

Maximo Application Suite Security Bulletins-January 2026

Interloc Solutions | IBM Maximo | Services | Security | IBM Maximo Resources | IBM Think | Information Security | Secure Solutions | Security Bulletins | IBM Updates | IBM MAS | Security Updates | ibm security

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182 –

https://www.ibm.com/support/pages/node/7255157?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754 –

https://www.ibm.com/support/pages/node/7255884?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889 –

https://www.ibm.com/support/pages/node/7255883?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses django-4.2.25-py3-none-any.whl which is vulnerable to CVE-2025-64458, CVE-2025-64459 –

https://www.ibm.com/support/pages/node/7255881?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses min-document-2.19.0.tgz which is vulnerable to CVE-2025-57352 –

https://www.ibm.com/support/pages/node/7255886?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889 –

https://www.ibm.com/support/pages/node/7255882?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732 –

https://www.ibm.com/support/pages/node/7255885?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data –

https://www.ibm.com/support/pages/node/7255887?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255891?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255893?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255892?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses scikit_learn-1.3.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206 –

https://www.ibm.com/support/pages/node/7255933?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could allow a remote attacker to bypass security restrictions and vulnerable to CVE-2024-56339 –

https://www.ibm.com/support/pages/node/7255934?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses webpack-dev-server - 4.15.2 which is vulnerable to CVE-2025-30360 –

https://www.ibm.com/support/pages/node/7255942?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777 –

https://www.ibm.com/support/pages/node/7255944?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459 –

https://www.ibm.com/support/pages/node/7255945?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses runtime-7.25.9.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7255946?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339 –

https://www.ibm.com/support/pages/node/7255943?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-7962) 

https://www.ibm.com/support/pages/node/7256143?myns=swgother&mynp=OCSSKVFR&mynp=OCSSLL8M&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSSWT9A&mynp=OCSSLKT6&mynp=OCSS5RRF&mynp=OCSSLKSJ&mynp=OCSSG2D3&mynp=OCSSLL9G&mynp=OCSSLL9Z&mync=E&cm_sp=swgother-_-OCSSKVFR-OCSSLL8M-OCSSLL84-OCSSLLAM-OCSSWT9A-OCSSLKT6-OCSS5RRF-OCSSLKSJ-OCSSG2D3-OCSSLL9G-OCSSLL9Z-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-12635) –

https://www.ibm.com/support/pages/node/7256145?myns=swgother&mynp=OCSSG2D3&mynp=OCSSLKSJ&mynp=OCSSWT9A&mynp=OCSSLL9Z&mynp=OCSSLL8M&mynp=OCSSLLAM&mynp=OCSSLL84&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSLKT6&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSG2D3-OCSSLKSJ-OCSSWT9A-OCSSLL9Z-OCSSLL8M-OCSSLLAM-OCSSLL84-OCSSLL9G-OCSSKVFR-OCSSLKT6-OCSS5RRF-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2025-1550 –

https://www.ibm.com/support/pages/node/7256205?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410 –

https://www.ibm.com/support/pages/node/7256206?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916 –

https://www.ibm.com/support/pages/node/7256210?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124 –

https://www.ibm.com/support/pages/node/7256211?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47913 –

https://www.ibm.com/support/pages/node/7257347?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

White Simple Make Logo Tutorial Email Header-1

 

About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.