Bmc · Bmc Control-M · CVE-2025-48709
**Name of the Vulnerable Software and Affected Versions**
BMC Control-M version 9.0.21.300
**Description**
An issue exists where the Control-M Server, when connected to a database, frequently runs `DBUStatus.exe`. This process then calls `dbu connection details.vbs`, passing the `username`, `password`, database `hostname`, and `port` in cleartext. These credentials can be observed in event and process logs in multiple locations.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.