CVE-2025-55118
HIGHControl-M/Agent <9.0.20,9.0.21,9.0.22 - Memory Corruption
Title source: llmDescription
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n"
Scores
CVSS v3
8.9
EPSS
0.0002
EPSS Percentile
6.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-122
CWE-125
CWE-191
CWE-415
CWE-416
CWE-665
CWE-787
CWE-835
Status
published
Products (5)
BMC/Control-M/Agent
9.0.18
BMC/Control-M/Agent
9.0.19
BMC/Control-M/Agent
9.0.20
BMC/Control-M/Agent
9.0.21
BMC/Control-M/Agent
9.0.22.000
Published
Sep 16, 2025
Tracked Since
Feb 18, 2026