Medium severity5.3NVD Advisory· Published Sep 16, 2025· Updated Apr 15, 2026

CVE-2025-55114

Description

The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bmcapps.my.site.com/casemgmt/sc_KnowledgeArticlenvd
bmcapps.my.site.com/casemgmt/sc_KnowledgeArticlenvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000