CVE-2025-14684
Received
Received - Intake
Log Injection Vulnerability in IBM Maximo Monitor Component
Vulnerability report for CVE-2025-14684, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-25
Last updated on: 2026-03-31
Assigner: IBM Corporation
Description
Description
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | maximo_application_suite | From 8.10 (inc) to 8.10.26 (exc) |
| ibm | maximo_application_suite | From 8.11 (inc) to 8.11.24 (exc) |
| ibm | maximo_application_suite | From 9.0 (inc) to 9.0.16 (exc) |
| ibm | maximo_application_suite | From 9.1 (inc) to 9.1.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-117 | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |