CVE-2025-55113

216.73.217.22

· Published 16/09/2025 13:16 · Modified 17/09/2025 14:18

Labels: CVE-2025-55113 2025-09-16 CVE-2025-55113 CWE-158 [email protected]

Essential information

Published: 16/09/2025 13:16
Modified: 17/09/2025 14:18
Author: —
Creator: —
CVSS: 9.5 CRITICAL (v3) 9.5 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
ibm / control-m agent	`cpe:2.3:a:ibm:control-m_agent:9.0.18-9.0.20:::::::*`
ibm / control-m agent	`cpe:2.3:a:ibm:control-m_agent::::::::`