PT-2025-37947 · Bmc · Control-M/Agent
Published 2025-09-16 · Updated 2025-09-16
CVE-2025-55118
CVSS v3.1: 8.9 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Control-M/Agent versions 9.0.20 through 9.0.22
Description
Memory corruptions can be remotely triggered in Control-M/Agent when SSL/TLS communication is configured. This issue occurs when specific non-default settings are enabled.
Recommendations
Control-M/Agent version 9.0.20: Avoid setting the SSL/TLS configuration to "use openssl=n".
Control-M/Agent versions 9.0.21 and 9.0.22: Avoid using the agent router configuration with the non-default settings "JAVA AR=N" and "use openssl=n".
Fix
Out of bounds Read
Improper Initialization
Memory Corruption
Integer Underflow
Infinite Loop
Use After Free
Heap Based Buffer Overflow
Double Free
Related Identifiers
Affected Products
Control-M/Agent