Unrated severityNVD Advisory· Published Sep 16, 2025· Updated Sep 16, 2025

BMC Control-M/Agent insecure default file permissions

CVE-2025-55111

Description

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.

Affected products

Control-M/Control-M/Agentllm-fuzzy
Range: >=9.0.18 <=9.0.20
BMC/Control-M/Agentv5
Range: 9.0.20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bmcapps.my.site.com/casemgmt/sc_KnowledgeArticlemitrevendor-advisory
bmcapps.my.site.com/casemgmt/sc_KnowledgeArticlemitremitigation

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000