CVE-2025-55108 · CRITICAL 10.0 · EPSS p48.4%

CVE-2025-55108

Description

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write, and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration).

NOTE:

  * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended using security best practices such as configuring SSL/TLS between Control-M Server and Agent.
  * The vendor states that Control-M/Agent is not impacted in Control-M SaaS.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.70% probability of exploitation · percentile 48.4% · 2026-06-18T12:00:27Z
Published: 2025-11-05
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-306

References

  1. https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441962
  2. https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099
  3. https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442271

Type | Target | Confidence | Tier
Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-55118
CVE-2025-55109
CVE-2025-55116
CVE-2025-55115
CVE-2025-71257
CVE-2025-3200

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.