Vulnerability Details CVE-2025-55109
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent.
The Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired.
In addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.8%
CVSS Severity
CVSS v3 Score 9.0
References
Products affected by CVE-2025-55109
-
cpe:2.3:a:bmc:control-m/agent:6.3.1
-
cpe:2.3:a:bmc:control-m/agent:6.4.1
-
cpe:2.3:a:bmc:control-m/agent:9.0.20
-
cpe:2.3:a:bmc:control-m/agent:9.0.20.000
-
cpe:2.3:a:bmc:control-m/agent:9.0.20.100
-
cpe:2.3:a:bmc:control-m/agent:9.0.20.200
-
cpe:2.3:a:bmc:control-m/agent:9.0.21
-
cpe:2.3:a:bmc:control-m/agent:9.0.21.000
-
cpe:2.3:a:bmc:control-m/agent:9.0.21.100
-
cpe:2.3:a:bmc:control-m/agent:9.0.21.200
-
cpe:2.3:a:bmc:control-m/agent:9.0.21.300
-
cpe:2.3:a:bmc:control-m/agent:9.0.22