
IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: Location Service for ESRI Component uses requests-2.32.3, urllib3-2.4.0 and flask-3.1.0 libraries which are vulnerable to CVE-2024-47081, CVE-2025-50181, CVE-2025-50182 and CVE-2025-47278 –

https://www.ibm.com/support/pages/node/7243553?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099 –

https://www.ibm.com/support/pages/node/7243685?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-72.1.0-py3-none-any.whl CVE-2025-47273 –

https://www.ibm.com/support/pages/node/7243684?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tornado-6.4.2-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2025-47287 –

https://www.ibm.com/support/pages/node/7243691?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818) –

https://www.ibm.com/support/pages/node/7244112?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

 

Security bulletin: Security Bulletin: There is a vulnerability in dojo-1.17.3.js used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273) –

https://www.ibm.com/support/pages/node/7244107?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-48976) –

https://www.ibm.com/support/pages/node/7244113?myns=swgother&mynp=OCSSLL84&mynp=OCSSG2D3&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSSLL9G&mynp=OCSSLL9Z&mynp=OCSSLKT6&mynp=OCSSLKSJ&mynp=OCSSLLAM&mynp=OCSS5RRF&mynp=OCSSKVFR&mync=E&cm_sp=swgother-_-OCSSLL84-OCSSG2D3-OCSSLL8M-OCSSWT9A-OCSSLL9G-OCSSLL9Z-OCSSLKT6-OCSSLKSJ-OCSSLLAM-OCSS5RRF-OCSSKVFR-_-E

 

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33142) –

https://www.ibm.com/support/pages/node/7244110?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSSLKT6&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSKVFR-OCSSG2D3-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSSLKT6-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKSJ-_-E

 

Security bulletin: Security Bulletin: There is a vulnerability in urllib3-2.4.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-50181,CVE-2025-50182) –

https://www.ibm.com/support/pages/node/7244111?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097) –

https://www.ibm.com/support/pages/node/7244109?myns=swgother&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSWT9A&mynp=OCSSLL84&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSS5RRF&mynp=OCSSLKSJ&mynp=OCSSLL8M&mynp=OCSSLL9Z&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSSKVFR-OCSSWT9A-OCSSLL84-OCSSG2D3-OCSSLKT6-OCSSLLAM-OCSS5RRF-OCSSLKSJ-OCSSLL8M-OCSSLL9Z-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387 –

https://www.ibm.com/support/pages/node/7244252?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817 –

https://www.ibm.com/support/pages/node/7244985?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493 –

https://www.ibm.com/support/pages/node/7245066?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang which is vulnerable to CVE-2025-48924 –

https://www.ibm.com/support/pages/node/7245824?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak –

https://www.ibm.com/support/pages/node/7245823?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses AIOHTTP asynchronous Python parser which is vulnerable to CVE-2025-53643 –

https://www.ibm.com/support/pages/node/7245821?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864 –

https://www.ibm.com/support/pages/node/7245825?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287 –

https://www.ibm.com/support/pages/node/7245827?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Starlette framework which is vulnerable to CVE-2025-54121 –

https://www.ibm.com/support/pages/node/7245826?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library –

https://www.ibm.com/support/pages/node/7245837?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses pyjwt v2.10.1 library which is vulnerable to CVE-2025-45768 –

https://www.ibm.com/support/pages/node/7245838?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 


About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years, primarily on the infrastructure and systems side, including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle, including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part of end-user acceptance of Maximo, with key performance tuning and maintenance strategies.