Critical severity 10.0 · NVD Advisory · Published Nov 5, 2025 · Updated Apr 15, 2026
CVE-2025-55108
Description
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration).
NOTE:
- The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended using security best practices such as configuring SSL/TLS between Control-M Server and Agent.
- The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS.
Patches
0 · No patches discovered yet.
References
3
News mentions
0 · No linked articles in our index yet.