PT-2025-45096 · BMC · BMC Control-M/Agent

Published: 2025-11-05 · Updated: 2025-11-12 · CVE-2025-55108

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: BMC Control-M/Agent (affected versions not specified)

Description: The Control-M/Agent is susceptible to unauthenticated remote code execution, arbitrary file read and write, and other unauthorized actions when mutual SSL/TLS authentication is not enabled, which is the default configuration. The vendor indicates that this issue arises only when documented security best practices are not followed, specifically the configuration of SSL/TLS between the Control-M Server and Agent.

Recommendations: Enable mutual SSL/TLS authentication to mitigate the risk. Configure SSL/TLS between Control-M Server and Agent, following the vendor's security best practices.

Fix

RCE

Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2025-55108

Affected Products: BMC Control-M/Agent