CVE-2025-55115
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-10-10
Assigner: Airbus
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bmc | control-m\/agent | to 9.0.20.100 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in the Control-M/Agent software that allows an attacker who already has access to the system running the Agent to escalate their privileges locally. Essentially, by exploiting the path traversal flaw, the attacker can gain higher-level permissions on the affected system.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with local access to the system to escalate their privileges, potentially gaining full control over the affected system. This can lead to unauthorized access, modification, or destruction of data and system resources.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Control-M/Agent software to version 9.0.20.100 or above, as this vulnerability is fixed starting from that version. Avoid using out-of-support versions 9.0.18 to 9.0.20 and earlier unsupported versions.