Critical severity 10.0 · NVD Advisory · Published Nov 5, 2025 · Updated Apr 15, 2026

CVE-2025-55108


Description

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration).

NOTE:

  • The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent.
  • The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS.
