Every CVE whose affected-product data names Bmc Control-m/agent, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-55113 — CVSS 9.0 (critical): If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent…
CVE-2025-55109 — CVSS 9.0 (critical): An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier…
CVE-2025-55115 — CVSS 8.8 (high): A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the…
CVE-2025-55116 — CVSS 8.8 (high): A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the…
CVE-2025-55112 — CVSS 7.4 (high): Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the…
CVE-2025-55111 — CVSS 5.5 (medium): Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and…
CVE-2025-55117 — CVSS 5.3 (medium): A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication…