File Upload Vulnerability in IBM Maximo Application Suite
CVE-2025-1500

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Application Suite
Vendor: CVE Published:; 5 April 2025

Summary

IBM Maximo Application Suite 9.0 contains a vulnerability that enables an authenticated user to upload files of unsafe types. If these files are accessed by other users, they can potentially execute harmful code, posing significant security risks to the application and its users. Proper validation mechanisms should be in place to prevent unauthorized file uploads and mitigate the threat.

Affected Version(s)

Maximo Application Suite 9.0

References

https://www.ibm.com/support/pages/node/7230140

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2025