CVE-2025-55108
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-55108, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-05

Last updated on: 2025-11-18

Assigner: Airbus

Description

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE:Β  * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent. * The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-05
Last Modified
2025-11-18
Generated
2026-07-06
AI Q&A
2025-11-05
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
bmc control-m_agent 4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the Control-M/Agent software, allowing unauthenticated remote attackers to execute arbitrary code, read and write files, and perform other unauthorized actions if mutual SSL/TLS authentication is not enabled. This situation typically occurs when the default configuration is used without following the vendor's recommended security best practices, such as configuring SSL/TLS between the Control-M Server and Agent.

Impact Analysis

If exploited, this vulnerability can lead to severe impacts including unauthorized remote code execution, which may allow attackers to take full control of the affected system. Additionally, attackers could read or modify sensitive files, potentially leading to data breaches, system compromise, and disruption of services.

Mitigation Strategies

To mitigate this vulnerability, immediately enable mutual SSL/TLS authentication between the Control-M Server and Agent as recommended by the vendor. Follow documented security best practices to ensure secure configuration and prevent unauthenticated remote code execution and unauthorized actions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55108. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart