CVE-2025-55118

8.9 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in BMC Control-M/Agent allows remote attackers to trigger memory corruption via SSL/TLS communication. This affects Control-M/Agent versions 9.0.20-9.0.22 with specific non-default SSL/TLS configurations. Successful exploitation could lead to remote code execution or denial of service.

💻 Affected Systems

Products:
  • BMC Control-M/Agent
Versions: 9.0.20, 9.0.21, 9.0.22
Operating Systems: All supported platforms
Default Config Vulnerable: ✅ No
Notes: Only vulnerable with specific non-default configurations: 9.0.20 requires 'use_openssl=n'; 9.0.21-9.0.22 require both 'JAVA_AR=N' and 'use_openssl=n'

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with SYSTEM/root privileges leading to complete system compromise

🟠 Likely Case: Denial of service causing agent crashes and workflow disruption

🟢 If Mitigated: Limited impact due to non-default configuration requirement

🌐 Internet-Facing: HIGH if exposed with vulnerable configuration
🏢 Internal Only: MEDIUM due to non-default configuration requirement

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires specific non-default configuration and SSL/TLS communication to trigger

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.0.23 or later

Vendor Advisory: https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441972

Restart Required: Yes

Instructions:

1. Download Control-M/Agent 9.0.23 or later from the BMC support portal.
2. Back up the current configuration.
3. Install the updated version following BMC's upgrade procedures.
4. Restart the Control-M/Agent service.

🔧 Temporary Workarounds

Revert to default SSL/TLS configuration (applies to: all)

Change the SSL/TLS configuration to use the default OpenSSL settings instead of the non-default configuration.

Edit the agent configuration file to set use_openssl=y and JAVA_AR=Y (for 9.0.21-9.0.22).

Restrict network access (applies to: all)

Limit network access to Control-M/Agent to trusted sources only.

Configure firewall rules to restrict access to Control-M/Agent ports (typically 7005-7010).

🧯 If You Can't Patch

  • Immediately revert to default SSL/TLS configuration (use_openssl=y, JAVA_AR=Y)
  • Implement strict network segmentation and firewall rules to limit agent exposure

🔍 How to Verify

Check if Vulnerable:

Check the Control-M/Agent version and configuration: the version must be 9.0.20-9.0.22 AND the configuration must have use_openssl=n (and JAVA_AR=N for 9.0.21-9.0.22). Either condition alone is not enough.

Check Version:

ctmagent -version or check agent installation directory for version file

Verify Fix Applied:

Verify that the version is 9.0.23 or later, or that the configuration has been changed back to use_openssl=y (and JAVA_AR=Y for 9.0.21-9.0.22).
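The two checks above (is the install vulnerable, and has the fix or workaround taken effect) combine a version range with per-version configuration keys, which is easy to get wrong by hand. The following is an added example, not code from the advisory or from BMC: it encodes exactly the conditions stated on this page. It assumes the agent configuration can be read as plain key=value lines and that a missing key means the default value (use_openssl=y, JAVA_AR=Y, as listed under the workarounds); the configuration file name, its exact syntax, and the version string format are assumptions, and the sample configurations are constructed.

```python
"""Added example (not from the advisory or BMC): evaluate the CVE-2025-55118
conditions for a Control-M/Agent install.

Assumptions not stated by the advisory:
  - the configuration is available as key=value lines ('#' starts a comment)
  - a key that is absent has its default value (use_openssl=y, JAVA_AR=Y)
  - the version string starts with "major.minor.patch", e.g. "9.0.21"
"""
import re
from typing import Dict, Tuple

VULNERABLE_PATCH_LEVELS = {20, 21, 22}   # 9.0.20, 9.0.21, 9.0.22 per the advisory
PATCHES_NEEDING_JAVA_AR = {21, 22}       # 9.0.21-9.0.22 also require JAVA_AR=N


def parse_config(text: str) -> Dict[str, str]:
    """Parse key=value lines into a dict with lower-cased keys.

    Blank lines, comment lines and anything after '#' are ignored; surrounding
    quotes on values are stripped so  use_openssl='n'  and  use_openssl=n  agree.
    """
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip().lower()] = value.strip().strip("'\"")
    return cfg


def parse_version(version: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) from a string such as '9.0.21' or '9.0.21.100'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_vulnerable(version: str, cfg: Dict[str, str]) -> Tuple[bool, str]:
    """Apply the advisory's conditions; return (vulnerable, reason).

    Vulnerable only when ALL of these hold:
      * version is 9.0.20, 9.0.21 or 9.0.22
      * use_openssl=n (the non-default setting)
      * for 9.0.21 and 9.0.22, additionally JAVA_AR=N
    """
    major, minor, patch = parse_version(version)
    if (major, minor) != (9, 0) or patch not in VULNERABLE_PATCH_LEVELS:
        return False, f"version {major}.{minor}.{patch} is outside 9.0.20-9.0.22"

    # Assumption: an absent key means the default (y), which is not vulnerable.
    if cfg.get("use_openssl", "y").lower() != "n":
        return False, "use_openssl is not 'n' (default SSL/TLS configuration)"

    if patch in PATCHES_NEEDING_JAVA_AR:
        if cfg.get("java_ar", "y").upper() != "N":
            return False, f"9.0.{patch} with use_openssl=n but JAVA_AR is not 'N'"
        return True, f"9.0.{patch} with use_openssl=n and JAVA_AR=N"

    return True, "9.0.20 with use_openssl=n"


def fix_verified(version: str, cfg: Dict[str, str]) -> bool:
    """True when the official fix (9.0.23+) or the configuration workaround is in place."""
    if parse_version(version) >= (9, 0, 23):
        return True
    vulnerable, _ = is_vulnerable(version, cfg)
    return not vulnerable


if __name__ == "__main__":
    # Constructed sample configurations (not real Control-M/Agent files).
    samples = [
        ("9.0.20", "use_openssl=n\n"),                          # vulnerable
        ("9.0.21", "use_openssl='n'  # JAVA_AR left at default"),  # not vulnerable
        ("9.0.22", "use_openssl=n\nJAVA_AR=N\n"),               # vulnerable
        ("9.0.22", "use_openssl=y\nJAVA_AR=N\n"),               # workaround applied
        ("9.0.23", "use_openssl=n\nJAVA_AR=N\n"),               # fixed version
    ]
    for ver, text in samples:
        vuln, why = is_vulnerable(ver, parse_config(text))
        print(f"{ver}: vulnerable={vuln} fix_verified={fix_verified(ver, parse_config(text))} ({why})")
```

Running the block prints one line per constructed sample. The reason string is what an operator actually needs in a ticket: it says which of the three conditions failed, so a 9.0.21 host with use_openssl=n but JAVA_AR at its default is reported as not vulnerable rather than silently lumped in with the rest.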

📡 Detection & Monitoring

Log Indicators:

  • Unexpected agent crashes
  • Memory access violation errors in agent logs
  • SSL/TLS handshake failures

Network Indicators:

  • Unusual SSL/TLS traffic patterns to agent ports
  • Connection attempts with malformed SSL/TLS packets

SIEM Query:

source="control-m-agent" AND (event_type="crash" OR error="memory" OR error="buffer")
