CVE-2025-55111

MEDIUM EPSS 2.1%

Published Sep 16, 20259mo ago · Modified Jun 17, 20261w ago

5.7 CVSS 4.0

Medium

Published Sep 16, 2025 9mo ago

Last Modified Jun 17, 2026 1w ago

Description

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.

CVSS Details

Base Score

5.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

2.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-276

Affected Products 2

Vendor	Product	Version	Range
bmc	control-m\/agent	*	<9.0.21
linux	linux_kernel	*	any

References 2

bmcapps.my.site.com https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441965

Vendor Advisory
bmcapps.my.site.com https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.