PT-2025-37943 · BMC · Control-M/Agent

Published: 2025-09-16 · Updated: 2025-09-16 · CVE-2025-55113

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Control-M/Agent versions 9.0.18 through 9.0.20
Control-M/Agent versions prior to 9.0.18 (potentially earlier unsupported versions)

Description

Access Control List (ACL) enforcement in Control-M/Agent can be bypassed when the C router is in use. Verification stops at the first NULL byte found in the email address contained in the client certificate, so any bytes after it are not checked. An attacker can exploit this behavior to circumvent configured ACLs by using a specially crafted certificate.

Recommendations

For Control-M/Agent versions 9.0.18 through 9.0.20, update to a newer, supported version.
For Control-M/Agent versions prior to 9.0.18, update to a newer, supported version.
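
The flaw class named in the Description, as an added C example that is not BMC's code and not part of the original advisory: a comparison that ends at the first NUL byte, beside a length-aware check that denies any identity field containing an embedded NUL. The struct, the function names and the sample addresses are constructed for illustration; how Control-M/Agent actually performs the comparison is not stated on this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate string field as a decoder hands it over: raw bytes plus an
 * explicit length. The bytes may contain 0x00. (Hypothetical type.) */
struct cert_field { const unsigned char *data; size_t len; };

/* Constructed sample values, not taken from the advisory or the product. */
static const char ALLOWED[] = "ops@corp.example";
static const unsigned char PLAIN[] = "ops@corp.example";
static const unsigned char WITH_NUL[] = "ops@corp.example\0@other.example";
static const struct cert_field plain_field = { PLAIN, sizeof PLAIN - 1 };
static const struct cert_field nul_field = { WITH_NUL, sizeof WITH_NUL - 1 };

/* Model of the flaw class: the field is handled like a C string, so the
 * comparison ends at the first NUL byte and never sees the rest. */
int acl_match_truncating(const struct cert_field *email, const char *allowed)
{
    const unsigned char *nul = memchr(email->data, 0, email->len);
    size_t seen = nul ? (size_t)(nul - email->data) : email->len;
    return seen == strlen(allowed) && memcmp(email->data, allowed, seen) == 0;
}

/* Hardened form: a NUL inside an identity field is malformed input and is
 * denied outright; otherwise the full decoded length is compared. */
int acl_match_strict(const struct cert_field *email, const char *allowed)
{
    if (memchr(email->data, 0, email->len) != NULL)
        return 0;
    return email->len == strlen(allowed) &&
           memcmp(email->data, allowed, email->len) == 0;
}

int main(void)
{
    printf("plain    truncating=%d strict=%d\n",
           acl_match_truncating(&plain_field, ALLOWED),
           acl_match_strict(&plain_field, ALLOWED));
    printf("with NUL truncating=%d strict=%d\n",
           acl_match_truncating(&nul_field, ALLOWED),
           acl_match_strict(&nul_field, ALLOWED));
    return 0;
}
```

The same rule applies to any certificate field used for authorization: compare on the decoded length, and treat an embedded NUL as a reason to reject the certificate rather than as a terminator.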

Related Identifiers

CVE-2025-55113

Affected Products

Control-M/Agent