By: Darlene Nerden on October 30th, 2025

Maximo Application Suite Security Bulletins October 2025

IBM has released Maximo Application Suite security bulletins. The links to the bulletins are below. Each bulletin contains information on when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to form-data-4.0.3.tgz CVE-2025-7783 –

https://www.ibm.com/support/pages/node/7245963?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218 –

https://www.ibm.com/support/pages/node/7245966?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7247290?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7247288?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7247287?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182 –

https://www.ibm.com/support/pages/node/7247289?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Asset Management application (CVE-2025-48924) –

https://www.ibm.com/support/pages/node/7247321?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-48924) –

https://www.ibm.com/support/pages/node/7247320?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36099) –

https://www.ibm.com/support/pages/node/7247322?myns=swgother&mynp=OCSSLLAM&mynp=OCSSG2D3&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSKVFR&mync=E&cm_sp=swgother-_-OCSSLLAM-OCSSG2D3-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLKT6-OCSSLL84-OCSSLL9Z-OCSSLKSJ-OCSSKVFR-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server could allow a remote attacker to bypass security restrictions –

https://www.ibm.com/support/pages/node/7247344?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses Pillow is a Python imaging library format due to writing into a buffer –

https://www.ibm.com/support/pages/node/7247343?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server are vulnerable to denial of service –

https://www.ibm.com/support/pages/node/7247342?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses Requests is a HTTP library. Due to a URL parsing issue to third parties for specific urls –

https://www.ibm.com/support/pages/node/7247345?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions (CVE-2024-56339) –

https://www.ibm.com/support/pages/node/7247521?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-32873 –

https://www.ibm.com/support/pages/node/7247542?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-48432 –

https://www.ibm.com/support/pages/node/7247541?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935 –

https://www.ibm.com/support/pages/node/7249073?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Improper Resource Shutdown or Release vulnerability to the made you reset the attack –

https://www.ibm.com/support/pages/node/7249352?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability –

https://www.ibm.com/support/pages/node/7249353?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc –

https://www.ibm.com/support/pages/node/7249355?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538 –

https://www.ibm.com/support/pages/node/7249369?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting –

https://www.ibm.com/support/pages/node/7249382?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability –

https://www.ibm.com/support/pages/node/7249385?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability –

https://www.ibm.com/support/pages/node/7249381?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service –

https://www.ibm.com/support/pages/node/7249384?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration –

https://www.ibm.com/support/pages/node/7249383?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E


About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years, primarily on the infrastructure and systems side, including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle, including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategies.