CVE-2025-55109 is a critical authentication bypass vulnerability affecting BMC Control-M/Agent versions 9.0.18 through 9.0.20, as well as potentially earlier unsupported versions. The vulnerability stems from improper certificate validation (CWE-295) when the product uses an empty or default kdb keystore or a default PKCS#12 keystore. Specifically, the Control-M/Agent software contains hardcoded certificates that serve as fallback trust anchors if an empty kdb keystore is used; however, these certificates are expired and should no longer be trusted. Additionally, the default keystores include trusted third-party certificates from external recognized certificate authorities and default self-signed demo certificates. This configuration allows a remote attacker who possesses a signed third-party or demo certificate to bypass the requirement for a certificate signed by the organization’s internal certificate authority during client authentication. The vulnerability does not require prior authentication or user interaction and can be exploited remotely over the network. The CVSS v4.0 score of 9.5 (critical) reflects the high impact on confidentiality, integrity, and availability, as well as the complexity of exploitation being high but feasible without privileges. The vulnerability arises because the software trusts certificates that should not be trusted for client authentication, enabling attackers to impersonate legitimate clients and potentially gain unauthorized access to the Control-M/Agent environment. Control-M/Agent is widely used for workload automation and job scheduling in enterprise IT environments, making this vulnerability particularly dangerous as it could allow attackers to manipulate job execution, access sensitive operational data, or disrupt critical business processes.

For European organizations, the impact of this vulnerability is significant due to the widespread use of BMC Control-M in large enterprises, financial institutions, manufacturing, and public sector organizations. Exploitation could lead to unauthorized access to job scheduling systems, allowing attackers to alter, delay, or cancel automated tasks, potentially disrupting business operations and causing data integrity issues. Confidential data processed or transferred by these jobs could be exposed or manipulated. The authentication bypass also increases the risk of lateral movement within the network, as attackers could use compromised Control-M/Agent access to pivot to other critical systems. Given the criticality of workload automation in sectors like banking, energy, and government services across Europe, this vulnerability could have cascading effects on service availability and regulatory compliance, including GDPR obligations related to data protection and incident response. The lack of patches and the out-of-support status of affected versions further exacerbate the risk, forcing organizations to consider upgrade or mitigation strategies urgently.

1. Immediate upgrade to a supported version of BMC Control-M/Agent that addresses this vulnerability is the most effective mitigation. Since the affected versions are out-of-support, organizations should coordinate with BMC for guidance on secure versions or patches. 2. If upgrading is not immediately possible, organizations should replace default or empty kdb and PKCS#12 keystores with custom keystores containing only trusted, organization-signed certificates, removing all expired, demo, or third-party certificates that are not explicitly authorized. 3. Implement strict network segmentation and access controls to limit which systems can communicate with Control-M/Agent instances, reducing exposure to remote attackers. 4. Enable and monitor detailed authentication logs on Control-M/Agent to detect anomalous client certificate usage or unexpected authentication attempts. 5. Employ multi-factor authentication (MFA) at network or application layers where possible to add an additional barrier beyond certificate validation. 6. Conduct regular security audits and penetration tests focusing on certificate validation and authentication mechanisms within Control-M environments. 7. Develop and test incident response plans specifically addressing potential Control-M compromise scenarios to minimize operational impact.