Main Vulnerability Database SB2026012336

SB2026012336 - IBM Maximo Application Suite - Visual Inspection Component update for Starlette

Published: January 23, 2026

Security Bulletin ID SB2026012336

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-54121)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread which means the application can't accept new connections. The UploadFile code has a minor bug where instead of just checking for self._in_memory, the logic should also check if the additional bytes will cause a rollover. A remote attacker can the vulnerability and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7252619