CVE-2025-55118

8.9 HIGH
Published: September 16, 2025 Modified: November 18, 2025
View on NVD

Description

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n"

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441972
Source: cert@airbus.com
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099
Source: cert@airbus.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.9 / 10.0
EPSS (Exploit Probability)
0.1%
18th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-122 CWE-125 CWE-191 CWE-415 CWE-416 CWE-665 CWE-787 CWE-835

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A