Maximo Application Suite Security Bulletins July 2025-2

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565 –

https://www.ibm.com/support/pages/node/7238991?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods. –

https://www.ibm.com/support/pages/node/7239049?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download (RFD) attack.

https://www.ibm.com/support/pages/node/7239249?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. –

https://www.ibm.com/support/pages/node/7239248?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to runtime-7.24.8.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7239480?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038) –

https://www.ibm.com/support/pages/node/7240133?myns=swgother&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLKT6&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSG2D3-OCSSLLAM-OCSSLKT6-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLL9Z-OCSSKVFR-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-56339) –

https://www.ibm.com/support/pages/node/7240134?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSKVFR-OCSSG2D3-OCSSLKT6-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097) –

https://www.ibm.com/support/pages/node/7240135?myns=swgother&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSKVFR&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSWT9A&mync=E&cm_sp=swgother-_-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLL9Z-OCSSLKSJ-OCSSKVFR-OCSSLLAM-OCSSLL8M-OCSSG2D3-OCSSLKT6-OCSSWT9A-_-E

If you have questions about how these vulnerabilities may impact your current Maximo Application Suite environment—or need support addressing them—please reach out to our team at  info@interlocsolutions.com.

We're here to help you stay secure, compliant, and confident in your Maximo deployment.