CVE-2025-55111 MEDIUM

CVE-2025-55111: BMC Control-M/Agent insecure default file permissions

Vendor Bmc
Product Control-M/Agent
Weakness CWE-276
Published September 16, 2025
Last update September 16, 2025

CVSS base score

5.7/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.

Key dates

02Disclosure timeline

September 16, 2025 CVE published
September 16, 2025 Record updated