CVE-2025-55110 MEDIUM

CVE-2025-55110: BMC Control-M/Agent hardcoded default keystore password

Vendor BMC
Product Control-M/Agent
Weakness CWE-1392
Published September 16, 2025
Last update September 16, 2025

CVSS base score

5.7/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.

Key dates

02 Disclosure timeline

September 16, 2025 CVE published
September 16, 2025 Record updated