Authentication Bypass Vulnerability in IBM Maximo Application Suite
CVE-2025-36386

9.8CRITICAL

Key Information:

Vendor: IBM
Status: IBM Maximo Application Suite
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-36386?

The IBM Maximo Application Suite versions 9.0.0 to 9.0.15 and 9.1.0 to 9.1.4 are susceptible to an authentication bypass vulnerability. This flaw could enable remote attackers to circumvent authentication mechanisms, potentially leading to unauthorized access to sensitive application features and data. It is essential for users to review their security configurations and apply the necessary patches to mitigate this vulnerability.

Affected Version(s)

IBM Maximo Application Suite 9.0.0 <= 9.0.15

IBM Maximo Application Suite 9.1.0 <= 9.1.4

References

https://www.ibm.com/support/pages/node/7249416

vendor-advisorypatch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Apr 15, 2025

JSON