216.73.217.64

CVE-2025-48709

· Published 07/08/2025 20:15 · Modified 07/08/2025 21:26

Labels: CVE-2025-48709 2025-08-07CVE-2025-48709[email protected]

Essential information

Published
07/08/2025 20:15
Modified
07/08/2025 21:26
Author
Creator
CISA KEV
No
CWE

Description

An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
bmc / control-m cpe:2.3:a:bmc:control-m:9.0.21.300:*:*:*:*:*:*:*

References