Maximo Application Suite Security Bulletins November 2025

By: Darlene Nerden on November 25th, 2025

Maximo Application Suite Security Bulletins November 2025

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics –

https://www.ibm.com/support/pages/node/7249416?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081 –

https://www.ibm.com/support/pages/node/7249638?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party libraries which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7249970?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7249972?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses crossbeam-channel-0.5.14.crate which is vulnerable to CVE-2025-4574 –

https://www.ibm.com/support/pages/node/7249977?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses ring-0.17.9.crate which is vulnerable to CVE-2025-4432 –

https://www.ibm.com/support/pages/node/7249987?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses requests-2.32.2-py3-none-any.whl which is vulnerable to CVE-2024-47081 –

https://www.ibm.com/support/pages/node/7249991?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses urllib3-1.26.19-py2.py3-none-any.whl which is vulnerable to CVE-2025-50181, CVE-2025-50182 –

https://www.ibm.com/support/pages/node/7249988?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871 –

https://www.ibm.com/support/pages/node/7250448?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-58057) –

https://www.ibm.com/support/pages/node/7250662?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in reactor-netty-http-1.2.1.jar (used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-22227) –

https://www.ibm.com/support/pages/node/7250656?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload ( CVE-2025-48976) –

https://www.ibm.com/support/pages/node/7250660?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-http-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-58056) –

https://www.ibm.com/support/pages/node/7250661?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-http2-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-55163) –

https://www.ibm.com/support/pages/node/7250659?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service ( CVE-2025-36000) –

https://www.ibm.com/support/pages/node/7250665?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 ( CVE-2025-36047) –

https://www.ibm.com/support/pages/node/7250670?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a security bypass in JMS messaging ( CVE-2025-36124) –

https://www.ibm.com/support/pages/node/7250671?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses openjdk 17.0.14 and Python 3.11.11 which is vulnerable to CVEs listed in Summary –

https://www.ibm.com/support/pages/node/7251406?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.

Maximo Consulting

Products and Technologies

Industries

Helpful Links

Mobile Informer Apps

Informer EdgeSync

Helpful Links

Maximo Consulting

Products and Technologies

Industries

Helpful Links

Mobile Informer Apps

Informer EdgeSync

Helpful Links

Maximo Application Suite Security Bulletins November 2025

About Darlene Nerden