CVE-2025-55111
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-09-29
Assigner: Airbus
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bmc | control-m/agent | to 9.0.21 (exc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves certain files in Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions, as well as newer versions upgraded from affected ones, having overly permissive permissions. These files contain sensitive information such as keys and passwords related to SSL files, keystore, and policies. An attacker with local access to the system running the Agent can exploit this by accessing these sensitive files.
How can this vulnerability impact me?
If an attacker gains local access to the system running the affected Control-M/Agent, they can access sensitive files containing keys and passwords. This could lead to unauthorized access to SSL credentials and keystore information, potentially compromising the security of encrypted communications and authentication mechanisms.