CVE-2025-55108
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-05

Last updated on: 2025-11-18

Assigner: Airbus

Description
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE:Β  * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent. * The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-05
Last Modified
2025-11-18
Generated
2026-06-16
AI Q&A
2025-11-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-55108
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bmc control-m_agent 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the Control-M/Agent software, allowing unauthenticated remote attackers to execute arbitrary code, read and write files, and perform other unauthorized actions if mutual SSL/TLS authentication is not enabled. This situation typically occurs when the default configuration is used without following the vendor's recommended security best practices, such as configuring SSL/TLS between the Control-M Server and Agent.

Impact Analysis

If exploited, this vulnerability can lead to severe impacts including unauthorized remote code execution, which may allow attackers to take full control of the affected system. Additionally, attackers could read or modify sensitive files, potentially leading to data breaches, system compromise, and disruption of services.

Mitigation Strategies

To mitigate this vulnerability, immediately enable mutual SSL/TLS authentication between the Control-M Server and Agent as recommended by the vendor. Follow documented security best practices to ensure secure configuration and prevent unauthenticated remote code execution and unauthorized actions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55108. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart