CVE-2025-55113

Critical CVSS: 9.5

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.

Vendor

Bmc

Product

Control-m\/agent

CWE

CWE-158

Yayın Tarihi

2025-09-16 13:16:07

Güncelleme

2025-10-10 14:08:43

Source Identifier

cert@airbus.com

KEV Date Added

Kategoriler

CWE-158 Control-m\/agent CRITICAL Bmc 2025

Referanslar

https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441967 https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099

Benzer Kayıtlar

Medium

CVE-2025-55117

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL…

Critical

CVE-2025-55115

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the syst…

Critical

CVE-2025-55116

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the sys…

High

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configu…

Medium

CVE-2025-55111

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 t…

Critical

CVE-2025-55109

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potent…