CVE-2025-1500 MEDIUM

CVE-2025-1500: IBM Maximo Application Suite file upload

Vendor Ibm
Product Maximo Application Suite
Weakness CWE-434 · Unrestricted file upload
Published April 5, 2025
Last update September 1, 2025

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.

Key dates

02Disclosure timeline

April 5, 2025 CVE published
September 1, 2025 Record updated