IBM Maximo Flaw Lets Hackers Bypass Cognos Controls

IBM has issued a critical advisory for a severe vulnerability in IBM Maximo Manage, part of the IBM Maximo Application Suite. Tracked as CVE-2025-36386 and rated 9.8 on the CVSS scale, the flaw lets attackers gain unauthenticated access to Cognos Analytics. The company urges users to apply the recommended remediation steps immediately to prevent potential exploitation.

The vulnerability affects configurations where Maximo Manage is integrated with Cognos Analytics. Attackers could exploit the flaw remotely without authentication, significantly increasing the risk to enterprise systems. It lets them bypass security controls, potentially exposing sensitive data stored in analytics reports.

In addition to CVE-2025-36386, IBM highlighted several related vulnerabilities, including CVE-2025-11371, CVE-2025-54253, CVE-2025-27915, and CVE-2024-51466. IBM advises administrators to review the full advisory and implement patches as soon as possible to mitigate risks.

Read the full advisory at:

Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics
