Vulnerability Details CVE-2025-55112
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.8%
CVSS Severity
CVSS v3 Score 7.4
References
Products affected by CVE-2025-55112
-
cpe:2.3:a:bmc:control-m/agent:6.3.1
-
cpe:2.3:a:bmc:control-m/agent:6.4.1
-
cpe:2.3:a:bmc:control-m/agent:9.0.20
-
cpe:2.3:a:bmc:control-m/agent:9.0.20.000
-
cpe:2.3:a:bmc:control-m/agent:9.0.20.100
-
cpe:2.3:a:bmc:control-m/agent:9.0.20.200