Unauthenticated Remote Code Execution Vulnerability in Control-M/Agent by BMC
CVE-2025-55108
9.5CRITICAL
What is CVE-2025-55108?
The Control-M/Agent is exposed to unauthenticated remote code execution, arbitrary file read and write, and similar unauthorized activities if mutual SSL/TLS authentication is not configured. This vulnerability highlights the importance of adhering to documented security best practices. BMC recommends enforcing SSL/TLS protocols between Control-M Server and Agent to mitigate risks and enhance security posture.
Affected Version(s)
Control-M/Agent 9.0.22
Control-M/Agent 9.0.22
Control-M/Agent 9.0.21
References
CVSS V4
Score:
9.5
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Airbus SAS - Jean-Romain Garnier - [email protected]