IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security Bulletin: IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565
Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download (RFD) attack.
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to runtime-7.24.8.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz CVE-2025-27789
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038)
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-56339)
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)
If you have questions about how these vulnerabilities may impact your current Maximo Application Suite environment—or need support addressing them—please reach out to our team at info@interlocsolutions.com.
We're here to help you stay secure, compliant, and confident in your Maximo deployment.