Unrated severityNVD Advisory· Published Sep 16, 2025· Updated Feb 26, 2026
BMC Control-M/Agent hardcoded Blowfish keys
CVE-2025-55112
Description
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=9.0.18 <=9.0.20 or earlier unsupported versions
- Range: 9.0.20
Patches
Vulnerability mechanics
References
2- bmcapps.my.site.com/casemgmt/sc_KnowledgeArticlemitrevendor-advisory
- bmcapps.my.site.com/casemgmt/sc_KnowledgeArticlemitremitigation
News mentions
0No linked articles in our index yet.