Interloc Solutions Blog

Maximo Application Suite Security Bulletins June 2025

Written by Darlene Nerden | Jun 4, 2025 11:17:38 AM

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536 –

https://www.ibm.com/support/pages/node/7234592?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to lightgbm-4.5.0-py3-none-manylinux_2_28_x86_64.whl CVE-2024-43598 –

https://www.ibm.com/support/pages/node/7234920?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965 –

https://www.ibm.com/support/pages/node/7235025?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2025-1194 –

https://www.ibm.com/support/pages/node/7235027?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.64.crate CVE-2025-24898 –

https://www.ibm.com/support/pages/node/7235026?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl CVE-2025-27516 –

https://www.ibm.com/support/pages/node/7235028?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.70.crate CVE-2025-3416 –

https://www.ibm.com/support/pages/node/7235029?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184 –

https://www.ibm.com/support/pages/node/7235030?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to http-proxy-middleware-2.0.7.tgz CVE-2025-32997 –

https://www.ibm.com/support/pages/node/7235032?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Liberty which is vulnerable to a denial of service due to Netty CVE-2024-47535 –

https://www.ibm.com/support/pages/node/7235031?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component : Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used –

https://www.ibm.com/support/pages/node/7235163?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024 –

https://www.ibm.com/support/pages/node/7235181?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses netty-common-4.1.115.Final.jar which is vulnerable to CVE-2025-25193 –

https://www.ibm.com/support/pages/node/7231159?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses commons-codec-1.11.jar, okio-jvm-3.0.0.jar, jetty-http-10.0.24.jar and jetty-server-10.0.24.jar which is vulnerable to CVE-2020-8908, CVE-2023-2976, CVE-2024-6763, CVE-2023-3635 –

https://www.ibm.com/support/pages/node/7235178?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797 –

https://www.ibm.com/support/pages/node/7230838?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend) –

https://www.ibm.com/support/pages/node/7235410?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.18-py3-none-any.whl CVE-2025-26699 –

https://www.ibm.com/support/pages/node/7235414?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component in IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184) –

https://www.ibm.com/support/pages/node/7235415?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.4.tgz, dompurify-3.2.5.tgz CVE-2025-48050 –

https://www.ibm.com/support/pages/node/7235416?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Stay in the loop on all the latest Security Bulletins by signing up for our Security Updates.

 
View full post