CVE-2025-55118

216.73.216.233

· Published 16/09/2025 13:16 · Modified 17/09/2025 14:18

Labels: CVE-2025-55118 2025-09-16 CVE-2025-55118 CWE-122 [email protected]

Essential information

Published: 16/09/2025 13:16
Modified: 17/09/2025 14:18
Author: —
Creator: —
CVSS: 8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n".

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
control-m / control-m agent	`cpe:2.3:a:control-m:control-m_agent:9.0.20:::::::*`
control-m / control-m agent	`cpe:2.3:a:control-m:control-m_agent:9.0.21:::::::*`
control-m / control-m agent	`cpe:2.3:a:control-m:control-m_agent:9.0.22:::::::*`