PT-2025-32309 · Bmc+1 · Bmc Control-M+2
Derrick Polakoff · Published 2025-08-07 · Updated 2025-12-18 · CVE-2025-48709
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BMC Control-M version 9.0.21.300
Description
An issue exists where the Control-M Server, when connected to a database, frequently runs DBUStatus.exe. This process then calls dbu connection details.vbs, passing the username, password, database hostname, and port in cleartext. These credentials can be observed in event and process logs in multiple locations.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
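Until a fixed version is listed, it helps to know where these command lines have already been recorded. The following is an added example, not code from BMC or from this advisory: it scans process-creation records for the script named in the description and redacts whatever follows it. The record fields, hosts, paths and argument values are constructed for illustration, and the argument layout is an assumption.

```python
import re

SCRIPT = "dbu connection details.vbs"   # script name as given in the advisory
LAUNCHER = "dbustatus.exe"              # calling process as given in the advisory

# Everything after the script name (and an optional closing quote) is treated as sensitive.
_TAIL = re.compile(re.escape(SCRIPT) + r'"?\s*(?P<args>.*)$', re.IGNORECASE)

# Constructed records; field names and values are assumptions for this example.
SAMPLE_EVENTS = [
    {"host": "ctm-srv-01", "record": 1001, "parent": r"C:\EXAMPLE\DBUStatus.exe",
     "cmdline": r'cscript.exe "C:\EXAMPLE\dbu connection details.vbs" '
                r"EXAMPLE_USER EXAMPLE_PASSWORD db.example.internal 5432"},
    {"host": "ctm-srv-01", "record": 1002, "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"cscript.exe C:\EXAMPLE\other.vbs"},
    {"host": "ctm-srv-02", "record": 2001, "parent": r"C:\EXAMPLE\DBUSTATUS.EXE",
     "cmdline": r'wscript.exe "C:\EXAMPLE\DBU Connection Details.VBS" '
                r"EXAMPLE_USER EXAMPLE_PASSWORD db.example.internal 5432"},
]

def redact(cmdline):
    """Return (redacted_cmdline, trailing_arg_count), or None if the script is absent."""
    m = _TAIL.search(cmdline)
    if m is None:
        return None
    count = len(m.group("args").split())
    return cmdline[:m.start("args")] + f"[REDACTED {count} args]", count

def find_exposures(events):
    """List records whose command line invokes the script, with arguments redacted."""
    hits = []
    for ev in events:
        result = redact(ev.get("cmdline", ""))
        if result is None:
            continue
        redacted, count = result
        hits.append({
            "host": ev["host"],
            "record": ev["record"],
            "launched_by_dbustatus": ev.get("parent", "").lower().endswith(LAUNCHER),
            "arg_count": count,
            "cmdline": redacted,
        })
    return hits

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_EVENTS):
        print(hit)
```

Each hit identifies a log record that should be treated as containing database credentials; the redacted form is what is safe to copy into a ticket or report.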
Insertion into Log File
Insufficiently Protected Credentials
Affected Products
Bmc Control-M
Dbustatus.Exe
Dbu Connection Details.Vbs