Vulnerability Description
Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Control-M\/Agent | < 9.0.21 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441965Vendor Advisory
- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099Vendor Advisory
FAQ
What is CVE-2025-55111?
CVE-2025-55111 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versio...
How severe is CVE-2025-55111?
CVE-2025-55111 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55111?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Control-M\/Agent, Linux Linux Kernel.