CVE-2025-55117

5.3 MEDIUM

📋 TL;DR

A stack-based buffer overflow in Control-M/Agent allows a remote attacker to potentially execute arbitrary code or crash the service when SSL/TLS communication is configured with specific non-default settings. Only Control-M/Agent versions 9.0.20 through 9.0.22 are affected, and only in particular configuration combinations. Organizations running these versions with the non-default SSL/TLS settings described below are at risk.

💻 Affected Systems

Products:
  • BMC Control-M/Agent
Versions: 9.0.20, 9.0.21, 9.0.22
Operating Systems: All supported platforms for Control-M/Agent
Default Config Vulnerable: ✅ No
Notes: Vulnerable only with specific non-default SSL/TLS configurations. For 9.0.20: use_openssl=n. For 9.0.21-9.0.22: JAVA_AR=N and use_openssl=n.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or lateral movement within the network.

🟠 Likely Case

Service crash causing denial of service and disruption of Control-M automation workflows.

🟢 If Mitigated

Limited impact due to the non-default configuration requirements and network segmentation.

🌐 Internet-Facing: MEDIUM - Requires specific non-default configurations but could be exploited remotely if exposed.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if vulnerable configurations are present.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the specific non-default configurations listed above and the ability to trigger error conditions during SSL/TLS communication with the agent.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.0.23 or later

Vendor Advisory: https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441972

Restart Required: Yes

Instructions:

1. Download Control-M/Agent 9.0.23 or later from the BMC support portal.
2. Back up the current configuration.
3. Install the updated version following BMC's upgrade procedures.
4. Restart the Control-M/Agent service.

🔧 Temporary Workarounds

Disable vulnerable SSL/TLS configurations

Applies to: all

Change the SSL/TLS configuration back to the default settings or a secure alternative:

  • Edit the agent configuration to set use_openssl=y (the default)
  • For 9.0.21-9.0.22: also set JAVA_AR=Y (the default)

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to Control-M/Agent ports
  • Monitor for unusual traffic patterns or connection attempts to Control-M/Agent services

🔍 How to Verify

Check if Vulnerable:

Check the Control-M/Agent version and configuration:

1. Verify the version is 9.0.20, 9.0.21, or 9.0.22.
2. Check whether use_openssl=n is set.
3. For 9.0.21-9.0.22, check whether JAVA_AR=N is also set.

Check Version:

Run ctmagent -v, or check the version files in the agent installation directory.

Verify Fix Applied:

1. Confirm the Control-M/Agent version is 9.0.23 or later.
2. Verify that SSL/TLS communication functions normally.
3. Test error handling during SSL/TLS operations.
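The version and configuration rules above, encoded as a small checker. This is an added example, not part of the advisory or of BMC's tooling; it assumes the agent settings are available as key=value text (one setting per line, keys matched case-insensitively) and that an absent key means the page's stated default (use_openssl=y, JAVA_AR=Y).

```python
"""Classify a Control-M/Agent install against the CVE-2025-55117 conditions."""

FIRST_AFFECTED = (9, 0, 20)
FIXED_VERSION = (9, 0, 23)   # 9.0.23 or later carries the official fix


def parse_version(version: str) -> tuple:
    """'9.0.21' -> (9, 0, 21); only the first three numeric components are compared."""
    return tuple(int(p) for p in version.strip().split(".")[:3])


def parse_config(text: str) -> dict:
    """Assumed key=value layout with '#' comments; keys and values are upper-cased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().upper()] = value.strip().upper()
    return settings


def is_vulnerable(version: str, settings: dict) -> bool:
    """Apply the page's rules: 9.0.20 needs use_openssl=n; 9.0.21-9.0.22 also need JAVA_AR=N."""
    v = parse_version(version)
    if v < FIRST_AFFECTED or v >= FIXED_VERSION:
        return False
    # Missing keys fall back to the documented defaults, which are not affected.
    if settings.get("USE_OPENSSL", "Y") != "N":
        return False
    if v == FIRST_AFFECTED:
        return True
    return settings.get("JAVA_AR", "Y") == "N"


def assess(version: str, config_text: str) -> str:
    """Human-readable verdict for one agent."""
    status = "VULNERABLE" if is_vulnerable(version, parse_config(config_text)) else "not affected"
    return f"Control-M/Agent {version}: {status}"


if __name__ == "__main__":
    # Constructed sample: a 9.0.22 agent with both non-default settings.
    SAMPLE_CONFIG = "use_openssl=n   # non-default\nJAVA_AR=N\n"
    print(assess("9.0.22", SAMPLE_CONFIG))
    print(assess("9.0.22", "use_openssl=n\n"))   # JAVA_AR defaults to Y, so not affected
```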

📡 Detection & Monitoring

Log Indicators:

  • Multiple SSL/TLS handshake failures
  • Stack overflow or memory violation errors in agent logs
  • Unexpected agent restarts or crashes

Network Indicators:

  • Unusual traffic patterns to Control-M/Agent ports (typically 7005-7006)
  • Multiple failed SSL/TLS connections from single sources

SIEM Query:

source="control-m-agent" AND ("SSL error" OR "buffer overflow" OR "segmentation fault")
