he Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE: * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent. * The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS
No configuration.
18 Nov 2025, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE: * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent. * The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS |
05 Nov 2025, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Published : 2025-11-05 09:15
Updated : 2025-11-18 15:16
NVD link : CVE-2025-55108
Mitre link : CVE-2025-55108
CVE.ORG link : CVE-2025-55108
JSON object : View
No product.
Missing Authentication for Critical Function