Interloc Solutions Blog

Maximo Application Suite Security Bulletins-January 2026

Written by Darlene Nerden | Jan 20, 2026 3:41:51 PM

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182 –

https://www.ibm.com/support/pages/node/7255157?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754 –

https://www.ibm.com/support/pages/node/7255884?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889 –

https://www.ibm.com/support/pages/node/7255883?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses django-4.2.25-py3-none-any.whl which is vulnerable to CVE-2025-64458, CVE-2025-64459 –

https://www.ibm.com/support/pages/node/7255881?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses min-document-2.19.0.tgz which is vulnerable to CVE-2025-57352 –

https://www.ibm.com/support/pages/node/7255886?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889 –

https://www.ibm.com/support/pages/node/7255882?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732 –

https://www.ibm.com/support/pages/node/7255885?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data –

https://www.ibm.com/support/pages/node/7255887?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255891?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255893?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255892?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses scikit_learn-1.3.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206 –

https://www.ibm.com/support/pages/node/7255933?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could allow a remote attacker to bypass security restrictions and vulnerable to CVE-2024-56339 –

https://www.ibm.com/support/pages/node/7255934?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses webpack-dev-server - 4.15.2 which is vulnerable to CVE-2025-30360 –

https://www.ibm.com/support/pages/node/7255942?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777 –

https://www.ibm.com/support/pages/node/7255944?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459 –

https://www.ibm.com/support/pages/node/7255945?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses runtime-7.25.9.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7255946?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339 –

https://www.ibm.com/support/pages/node/7255943?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-7962) 

https://www.ibm.com/support/pages/node/7256143?myns=swgother&mynp=OCSSKVFR&mynp=OCSSLL8M&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSSWT9A&mynp=OCSSLKT6&mynp=OCSS5RRF&mynp=OCSSLKSJ&mynp=OCSSG2D3&mynp=OCSSLL9G&mynp=OCSSLL9Z&mync=E&cm_sp=swgother-_-OCSSKVFR-OCSSLL8M-OCSSLL84-OCSSLLAM-OCSSWT9A-OCSSLKT6-OCSS5RRF-OCSSLKSJ-OCSSG2D3-OCSSLL9G-OCSSLL9Z-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-12635) –

https://www.ibm.com/support/pages/node/7256145?myns=swgother&mynp=OCSSG2D3&mynp=OCSSLKSJ&mynp=OCSSWT9A&mynp=OCSSLL9Z&mynp=OCSSLL8M&mynp=OCSSLLAM&mynp=OCSSLL84&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSLKT6&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSG2D3-OCSSLKSJ-OCSSWT9A-OCSSLL9Z-OCSSLL8M-OCSSLLAM-OCSSLL84-OCSSLL9G-OCSSKVFR-OCSSLKT6-OCSS5RRF-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2025-1550 –

https://www.ibm.com/support/pages/node/7256205?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410 –

https://www.ibm.com/support/pages/node/7256206?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916 –

https://www.ibm.com/support/pages/node/7256210?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124 –

https://www.ibm.com/support/pages/node/7256211?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47913 –

https://www.ibm.com/support/pages/node/7257347?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

 
View full post