CVE-2025-55114— BMC Control-M/Agent improper IP address filtering order
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-55114
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BMC Control-M/Agent improper IP address filtering order
Source: NVD (National Vulnerability Database)
Vulnerability Description
The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不正确的行为次序
Source: NVD (National Vulnerability Database)
Vulnerability Title
BMC Control-M 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
BMC Control-M是BMC公司的一个应用程序。简化了本地或作为服务的应用程序和数据工作流编排。 BMC Control-M/Agent存在安全漏洞,该漏洞源于AUTHORIZED_CTM_IP验证顺序不当,可能导致SSL/TLS实现漏洞或资源耗尽。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| BMC | Control-M/Agent | 9.0.21 | - |
II. Public POCs for CVE-2025-55114
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-55114
请登录查看更多情报信息。
Same Patch Batch · BMC · 2025-09-16 · 10 CVEs total
| CVE-2025-55113 | 9.0 CRITICAL | BMC Control-M/Agent unescaped NULL byte in access control list checks |
| CVE-2025-55109 | 9.0 CRITICAL | BMC Control-M/Agent default SSL/TLS configuration authenticated bypass |
| CVE-2025-55118 | 8.9 HIGH | BMC Control-M/Agent memory corruption in SSL/TLS communication |
| CVE-2025-55115 | 8.8 HIGH | BMC Control-M/Agent path traversal local privilege escalation |
| CVE-2025-55116 | 8.8 HIGH | BMC Control-M/Agent buffer overflow local privilege escalation |
| CVE-2025-55112 | 7.4 HIGH | BMC Control-M/Agent hardcoded Blowfish keys |
| CVE-2025-55111 | 5.5 MEDIUM | BMC Control-M/Agent insecure default file permissions |
| CVE-2025-55110 | 5.5 MEDIUM | BMC Control-M/Agent hardcoded default keystore password |
| CVE-2025-55117 | 5.3 MEDIUM | BMC Control-M/Agent buffer overflow in SSL/TLS communication |
IV. Related Vulnerabilities
Same product: Control-M/Agent
- CVE-2025-55108
BMC Control-M/Agent default configuration does not enforce S - CVE-2025-55118
BMC Control-M/Agent memory corruption in SSL/TLS communicati - CVE-2025-55117
BMC Control-M/Agent buffer overflow in SSL/TLS communication - CVE-2025-55116
BMC Control-M/Agent buffer overflow local privilege escalati - CVE-2025-55115
BMC Control-M/Agent path traversal local privilege escalatio
Same vendor: BMC
- CVE-2025-55108
BMC Control-M/Agent default configuration does not enforce S - CVE-2025-55118
BMC Control-M/Agent memory corruption in SSL/TLS communicati - CVE-2025-55117
BMC Control-M/Agent buffer overflow in SSL/TLS communication - CVE-2025-55116
BMC Control-M/Agent buffer overflow local privilege escalati - CVE-2025-55115
BMC Control-M/Agent path traversal local privilege escalatio
V. Comments for CVE-2025-55114
No comments yet