Security Bulletin: IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540 — CVE-2025-15599

IBM · CVE-2025-15599

ID
CVE-2025-15599

Date
2026-06-10

Activity
2026-06-10

Source
IBM

Threat
medium

Summary

CVE-2025-15599 is a advisory from IBM. Security Bulletin: IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540 Severity/Threat: medium.

Product

IBM Maximo Scheduler Optimization

What to do

General, cautious steps (verify details in the official source):

Review exposure and plan remediation based on risk and environment.
Identify affected product versions in your inventory and verify whether you are impacted.
Apply vendor patches/updates or recommended mitigations as soon as available.
Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

Security Bulletin: IBM Verify Identity Protection Self-Hosted is affected by multiple vulnerabilities

2026-06-19 CVE-2025-14928

highIBM 2026-W25

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to Buffer overflow in OMR

2026-06-18 CVE-2026-1188

criticalIBM 2026-W25

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

2026-06-18 CVE-2023-44487

criticalIBM 2026-W25

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an authentication bypass vulnerability

2026-06-18 CVE-2026-10845

lowIBM 2026-W25

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities

2026-06-18 CVE-2026-9320

lowIBM 2026-W25

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities when using the Web Server Plug-ins

2026-06-18 CVE-2026-10852

lowIBM 2026-W25