CVE-2025-48709
BaseFortify

Publication date: 2025-08-07

Last updated on: 2025-12-18

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on, it runs 'DBUStatus.exe' frequently, which then calls 'dbu_connection_details.vbs' with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations. Fixed in PACTV.9.0.21.307.
Meta Information
Published: 2025-08-07
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-08-07
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: bmc
Product: control-m/server
Version / Range: 9.0.21.300
CWE
CWE-214: A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
CWE-532: The product writes sensitive information to a log file.
CWE-522: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in BMC Control-M/Server 9.0.21.300, where the Control-M Server frequently runs DBUStatus.exe, which calls a script (dbu_connection_details.vbs) and passes sensitive information such as the database username, password, hostname, and port in cleartext on the command line. These details are then recorded in event and process logs in two separate locations, exposing the database credentials to anyone who can read those logs or observe the process list.

How can this vulnerability impact me?

The vulnerability can lead to exposure of sensitive database credentials in cleartext within logs, which could be accessed by unauthorized users. This exposure increases the risk of unauthorized database access, data breaches, and potential compromise of the affected system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking event and process logs for occurrences of DBUStatus.exe and the script dbu_connection_details.vbs, whose command lines contain cleartext usernames, passwords, database hostnames, and ports. Commands to search for these might include using Windows Event Viewer to inspect logs or using PowerShell cmdlets such as Get-EventLog or Get-WinEvent to filter for DBUStatus.exe or dbu_connection_details.vbs entries. Additionally, process monitoring tools can be used to observe DBUStatus.exe executions and their arguments.
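The following PowerShell snippet is an added detection example for the check described above; it is not code from the page, from BaseFortify, or from BMC. It assumes the Windows Security log records process creation (event ID 4688) with the "Include command line in process creation events" audit policy enabled, so that the CommandLine field is populated. The page does not document which argument position carries the password, so the script conservatively masks every argument that follows the script name before printing, so that the triage output does not itself re-expose the credential.

```powershell
# Added example (not from the page or from BMC): find process-creation events whose command
# line invokes the Control-M DBU script, and report them with the arguments masked.
# Assumptions: Security log, event ID 4688, command-line auditing enabled; ParentProcessName
# is present on Windows 10 / Server 2016 and later.

$filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-7) }

$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the named EventData fields out of the event XML
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($data.CommandLine -match 'dbu_connection_details\.vbs|DBUStatus\.exe') {
            # Mask everything after the script name; the page does not specify the
            # argument order, so no attempt is made to single out the password field.
            $masked = $data.CommandLine -replace '(dbu_connection_details\.vbs)\s+.*$', '$1 <ARGUMENTS REDACTED>'
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Process     = $data.NewProcessName
                Parent      = $data.ParentProcessName
                CommandLine = $masked
            }
        }
    }

$hits | Format-Table -AutoSize

if ($hits) {
    Write-Warning ("Found {0} process-creation event(s) invoking the Control-M DBU components. " +
                   "If Control-M/Server is older than PACTV.9.0.21.307, treat the database " +
                   "credentials as exposed: rotate them and restrict read access to these logs.") -f $hits.Count
}
```

Run the script in an elevated PowerShell session on the Control-M/Server host; reading the Security log requires administrative or Event Log Readers membership. Because the masked output only tells you that the script was invoked, not whether a given reader has already seen the credential, a positive result should be followed by the log-access review and credential rotation described in the mitigation answer below.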


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to event and process logs to prevent unauthorized viewing of cleartext credentials, monitoring and auditing the use of DBUStatus.exe and dbu_connection_details.vbs, and applying any available patches or updates from BMC for Control-M. Additionally, consider changing database credentials and using secure methods for credential storage and transmission.

