Control-M/Agent 9.0.20.000 and lower is affected by CVE-2025-55115 : path traversal local privilege escalation, and CVE-2025-55116 : buffer overflow local privilege escalation

Knowledge Article

Article Number

000441969

Old Article Number

Article Type

Solutions to a Product Problem

Title

Control-M/Agent 9.0.20.000 and lower is affected by CVE-2025-55115 : path traversal local privilege escalation, and CVE-2025-55116 : buffer overflow local privilege escalation

Summary

Product

Control-M/Agent for UNIX and Microsoft Windows

Component

Control-M/Agent for UNIX and Microsoft Windows

Applies to

Control-M/Agent version 9.0.20.000 and lower ; Unix/ Linux, Windows

Problem

CVE-2025-55115

Control-M/Agent path traversal local privilege escalation

Severity: High (8.8)

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.

CVE-2025-55116

Control-M/Agent buffer overflow local privilege escalation

Severity: High (8.8)

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent.This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.

Cause

CVE-2025-55115 ; CVE-2025-55116

Solution

Primary Solution:

Upgrade to a fully supported version of Control-M/Agent (if not on a supported version).
BMC recommends upgrading Control-M/Agent to the latest major version and Fix Pack available.

Alternate Solution:

Until able to upgrade to a fully supported version, BMC recommends upgrading Control-M/Agent to version 9.0.20.200 where the fix is implemented with CTM-4553 and CTM-5157.

Attachment(s):