CVE-2025-55110
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-09-17
Assigner: Airbus
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bmc | control-m_agent | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Control-M/Agents using a default keystore password that is well known and documented. Because the keystore password is hardcoded and fixed, an attacker who gains read access to the keystore can use this password to access sensitive data stored within it, potentially compromising the security of the application. [1]
How can this vulnerability impact me?
If an attacker obtains read access to the keystore, they can use the known default password to access sensitive data. This unauthorized access can lead to exposure of confidential information, potentially resulting in data breaches or other security incidents. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should change the default keystore password used by Control-M/Agents to a strong, unique password to prevent unauthorized access. Additionally, restrict read access to the keystore files to only authorized users. [1]