CVE-2025-55117

Summary

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured.

The issue occurs in the following cases:

  • Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n";
  • Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n".

Affected Software

VendorProductVersion RangeStatus
BMCControl-M/Agent9.0.22.000affected
BMCControl-M/Agent9.0.21affected
BMCControl-M/Agent9.0.20affected
BMCControl-M/Agent9.0.19affected
BMCControl-M/Agent9.0.18affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References