CVE-2025-55108
BaseFortify
Publication date: 2025-11-05
Last updated on: 2025-11-18
Assigner: Airbus
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bmc | control-m_agent | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Control-M/Agent software, allowing unauthenticated remote attackers to execute arbitrary code, read and write files, and perform other unauthorized actions if mutual SSL/TLS authentication is not enabled. This situation typically occurs when the default configuration is used without following the vendor's recommended security best practices, such as configuring SSL/TLS between the Control-M Server and Agent.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to severe impacts including unauthorized remote code execution, which may allow attackers to take full control of the affected system. Additionally, attackers could read or modify sensitive files, potentially leading to data breaches, system compromise, and disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately enable mutual SSL/TLS authentication between the Control-M Server and Agent as recommended by the vendor. Follow documented security best practices to ensure secure configuration and prevent unauthenticated remote code execution and unauthorized actions.