IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: Location Service for ESRI Component uses requests-2.32.3, urllib3-2.4.0 and flask-3.1.0 libraries which are vulnerable to CVE-2024-47081, CVE-2025-50181, CVE-2025-50182 and CVE-2025-47278 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-72.1.0-py3-none-any.whl CVE-2025-47273 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tornado-6.4.2-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2025-47287 –
Security bulletin: Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818) –
Security bulletin: Security Bulletin: There is a vulnerability in dojo-1.17.3.js used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273) –
Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-48976) –
Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management ( CVE-2025-33142) –
Security bulletin: Security Bulletin: There is a vulnerability in urllib3-2.4.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-50181,CVE-2025-50182) –
Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097) –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang which is vulnerable to CVE-2025-48924 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak –
Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses AIOHTTP asynchronous Python parser which is vulnerable to CVE-2025-53643 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Starlette framework which is vulnerable to CVE-2025-54121 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library –
Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses pyjwt v2.10.1 library which is vulnerable to CVE-2025-45768 –
Have questions or want more information: