CVE-2025-14684

Published Mar 25, 2026

Last updated 16 days ago

CVSS medium 4.0

Overview

Description
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.
Source
psirt@us.ibm.com
NVD status
Analyzed
Products
maximo_application_suite

Risk scores

CVSS 3.1

Type
Primary
Base score
3.3
Impact score
1.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

psirt@us.ibm.com
CWE-117

Social media

Hype score
Not currently trending

  1. 🚨*CVE* CVE-2025-14684 IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutraliza… https://t.co/5IQg4Z4ar6 ----- Traducción: CVE-2025-14684 IBM… https://t.co/utmtNg

    @infoflowcloud

    26 Mar 2026

    125 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-14684 IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutraliza… https://t.co/vn8lOGei25

    @CVEnew

    26 Mar 2026

    188 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: CVE-2025-14684 - IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to . Intel Report: https://t.co/xDkWBDdR63

    @cyberbivash

    26 Mar 2026

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.CVE-2026-4820
  2. IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.CVE-2025-2898
  3. IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.CVE-2025-1500
  4. IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.CVE-2024-35150
  5. IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.CVE-2024-35145

References

Sources include official advisories and independent security research.