CVE-2025-55114

EUVD-2025-29568
The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
airbusCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
bmccontrol-m\/agent
9.0.20
CNA
bmccontrol-m\/agent
9.0.19
CNA
bmccontrol-m\/agent
9.0.18
CNA
Common Weakness Enumeration
References
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441968
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099