Security Bulletin: IBM Maximo Application Suite – Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010
Description

Summary

Security Bulletin: IBM Maximo Application Suite – Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010. This bulletin contains information regarding the vulnerability and its fix.

Vulnerability Details

CVEID: CVE-2025-24010

DESCRIPTION: Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any request to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.

CWE: CWE-346: Origin Validation Error

CVSS Source: [email protected]

CVSS Base score: 6.5

CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Maximo Application Suite – Manage Component | 9.0
IBM Maximo Application Suite – Manage Component | 8.7
IBM Maximo Application Suite – Manage Component | 8.6

Remediation/Fixes

MAS | Manage Patch Fix or Release
---|---
Upgrade to MAS 8.10.10 | Upgrade to Manage 8.6.27 or latest (available from the Catalog under Update Available)
Upgrade to MAS 8.11.21 | Upgrade to Manage 8.7.21 or latest (available from the Catalog under Update Available)
Upgrade to MAS 9.0.10 | Upgrade to Manage 9.0.11 or latest (available from the Catalog under Update Available)

Workarounds and Mitigations…
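To check whether a project still resolves an affected Vite release, the fixed versions named in the vulnerability description (4.5.6, 5.4.12, 6.0.9) can be compared against an npm lockfile. This is an added example, not code from IBM or the Vite project; the function names, the sample lockfile and the treatment of majors above 6 as fixed are assumptions, and it reads only the `packages` map of lockfileVersion 2/3.

```javascript
// Added example: flag vite entries in an npm lockfile (lockfileVersion 2/3)
// that predate the fixed releases named in the bulletin.
const FIXED = { 4: [4, 5, 6], 5: [5, 4, 12], 6: [6, 0, 9] }; // from the bulletin

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns "fixed", "affected", or "unknown".
function classifyVite(version) {
  const p = parseVersion(version);
  if (!p) return "unknown";
  const major = p.nums[0];
  if (major > 6) return "fixed"; // assumption: later majors carry the fix
  const fixed = FIXED[major];
  if (!fixed) return "unknown"; // the bulletin lists no fixed release for this line
  const c = compare(p.nums, fixed);
  // A pre-release of the fixed version sorts before it, so treat it as affected.
  if (c < 0 || (c === 0 && p.pre)) return "affected";
  return "fixed";
}

// Collects every installed copy of vite, including nested ones.
function findVite(lock) {
  const out = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/vite" || path.endsWith("/node_modules/vite")) {
      out.push({ path, version: info.version, status: classifyVite(info.version) });
    }
  }
  return out;
}

// Constructed sample lockfile fragment (not from any real project).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/vite": { version: "5.4.10" },
  "node_modules/tool/node_modules/vite": { version: "6.0.9" },
  "node_modules/vitest": { version: "2.1.0" },
} };
console.log(findVite(sampleLock));
```

Nested copies matter here because a transitive dependency can pin its own Vite release independently of the top-level one.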
