Multiple vulnerabilities in IBM Edge Data Collector
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2025-55173 CVE-2025-57752 |
| CWE-ID | CWE-20 CWE-524 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Maximo Application Suite - Edge Data Collector Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU114573
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-55173
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input within the Image Optimization feature. A remote attacker with control over external image sources can trigger file downloads with arbitrary content and filenames under specific configurations and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsMaximo Application Suite - Edge Data Collector: 8.11.0 - 9.1.2
CPE2.3- cpe:2.3:a:ibm_corporation:maximo_application_suite_-_edge_data_collector:8.11.20:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:maximo_application_suite_-_edge_data_collector:9.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:maximo_application_suite_-_edge_data_collector:9.1.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7253317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of cache containing sensitive information
EUVDB-ID: #VU114574
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-57752
CWE-ID:
CWE-524 - Use of Cache Containing Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper cache management in Image Optimization API. A remote attacker can gain access to sensitive images cached by the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsMaximo Application Suite - Edge Data Collector: 8.11.0 - 9.1.2
CPE2.3- cpe:2.3:a:ibm_corporation:maximo_application_suite_-_edge_data_collector:8.11.20:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:maximo_application_suite_-_edge_data_collector:9.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:maximo_application_suite_-_edge_data_collector:9.1.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7253317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
