Stack-Based Buffer Overflow in Control-M/Agent by BMC Software
CVE-2025-55117

6.3MEDIUM

Key Information:

Vendor: Bmc
Status: Control-m/agent
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-55117?

A stack-based buffer overflow vulnerability exists in Control-M/Agent that can be exploited remotely when formatting error messages under specific SSL/TLS configurations. The issue manifests when the non-default setting 'use_openssl=n' is employed for Control-M/Agent version 9.0.20, or when both the 'JAVA_AR=N' and 'use_openssl=n' configurations are used in versions 9.0.21 and 9.0.22. This flaw may allow attackers to manipulate application behavior, potentially leading to unauthorized access or service disruption.

Affected Version(s)

Control-M/Agent 9.0.22.000

Control-M/Agent 9.0.21

References

https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?...

vendor-advisory

https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?...

mitigation

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Aug 7, 2025

Credit

Airbus SAS - Jean-Romain Garnier - [email protected]

Bmc

What is CVE-2025-55117?

Affected Version(s)

References

CVSS V4

Timeline

Credit