PT-2025-37941 · Bmc · Control-M/Agent
Published
2025-09-16
·
Updated
2025-09-29
·
CVE-2025-55111
CVSS v4.0
5.7
Medium
| Vector | AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Control-M/Agent versions 9.0.18 through 9.0.20
Description
Files with overly permissive permissions were identified, potentially exposing keys and passwords related to SSL files, keystores, and policies. An attacker with local access to the system running the Agent can access these files.
Recommendations
Control-M/Agent versions 9.0.18 through 9.0.20: Restrict file permissions to prevent unauthorized access to sensitive information such as SSL keys and passwords.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Control-M/Agent