CVE-2025-1500

CWE-434 — Unrestricted File Upload5 documents5 sources

Severity

8.0HIGH

EPSS

0.2%

top 63.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Application Suite

Timeline

PublishedApr 5

Latest updateSep 2

Description

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages2 packages

▶NVDibm/maximo_application_suite9.0 — 9.0.7

▶CVEListV5ibm/maximo_application_suite9.0

🔴Vulnerability Details

GHSA

GHSA-2749-6w3x-fm28: IBM Maximo Application Suite 9↗2025-04-07

▶

CVEList

IBM Maximo Application Suite file upload↗2025-04-05

▶

💥Exploits & PoCs

Exploit-DB

Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials↗2025-08-11

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2025-12905↗2025-09-02

▶