6.9
CVE-2025-55114
- EPSS 0.36%
- Veröffentlicht 16.09.2025 12:20:30
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cert@airbus.com
- CVE-Watchlists
- Unerledigt
BMC Control-M/Agent improper IP address filtering order
The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerBMC
≫
Produkt
Control-M/Agent
Default Statusaffected
Version
9.0.21
Status
unaffected
Version
9.0.20
Status
affected
Version
9.0.19
Status
affected
Version
9.0.18
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.278 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cert@airbus.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cert@airbus.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-696 Incorrect Behavior Order
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441968