CVE-2025-55110: CWE-1392 Use of Default Credentials in BMC Control-M/Agent
Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.
AI Analysis
Technical Summary
CVE-2025-55110 is a vulnerability identified in BMC's Control-M/Agent product versions 9.0.18 through 9.0.22. The issue arises from the use of default credentials protecting the keystore files (either kdb or PKCS#12 format) used by the Control-M/Agent. These keystores store sensitive cryptographic material, and the default password protecting them is well known and publicly documented. An attacker who gains read access to the keystore files can use the default password to decrypt or access the sensitive data they contain. This vulnerability is classified under CWE-1392, which relates to the use of default credentials. The CVSS 4.0 base score is 5.7 (medium severity), with the vector indicating that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and no user interaction (UI:N), and that it has a high impact on confidentiality (VC:H) but does not affect integrity or availability. There are no known exploits in the wild currently, and no patches have been linked yet. Because some level of local privileges is required, an attacker must already have a foothold on the system or access to the file system to exploit this issue. The core risk is unauthorized disclosure of sensitive cryptographic material, which could lead to further compromise of communications or data protected by these keys.
Potential Impact
For European organizations using BMC Control-M/Agent versions 9.0.18 to 9.0.22, this vulnerability poses a significant risk to the confidentiality of sensitive data. Control-M is widely used in enterprise environments for workload automation and job scheduling, often handling critical business processes and sensitive data flows. If an attacker gains local access to the system, they could extract keystore contents using the default password, potentially decrypting sensitive credentials or communications. This could lead to lateral movement within networks, data exfiltration, or compromise of other integrated systems. The impact is particularly critical in regulated industries such as finance, healthcare, and government sectors prevalent in Europe, where data confidentiality is strictly mandated. Although exploitation requires local privileges, the presence of default credentials lowers the barrier for attackers who have already compromised a system or have insider access. This vulnerability could also facilitate more advanced attacks by exposing cryptographic keys, undermining trust in secure communications and automation workflows.
Mitigation Recommendations
European organizations should immediately audit their Control-M/Agent deployments to identify affected versions (9.0.18 through 9.0.22). Since no patches are currently linked, organizations should implement the following specific mitigations:
1) Change the default keystore passwords to strong, unique passwords immediately after installation or upgrade.
2) Restrict file system permissions on keystore files to the minimum necessary, ensuring only authorized service accounts can read them.
3) Monitor and log access to keystore files to detect unauthorized read attempts.
4) Limit local access to systems running Control-M/Agent by enforcing strict access controls, including multi-factor authentication and network segmentation.
5) Conduct regular vulnerability scanning and penetration testing focused on local privilege escalation and file access controls.
6) Engage with BMC support for any available patches or recommended configurations to mitigate this vulnerability.
7) Educate system administrators about the risks of default credentials and enforce policies to change all default passwords in production environments.
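A defender-side check for mitigations 1 and 2, as an added example that is not BMC's or this advisory's own code: it reports PKCS#12 keystores that still open with the default password or are readable beyond their owner. The function names and the `CTM_DEFAULT_PW` variable are assumptions; the default password is not reproduced here and must be supplied from BMC's documentation. kdb keystores are not covered.

```shell
#!/bin/sh
# Added example: audit PKCS#12 keystores on a Control-M/Agent host.
# CTM_DEFAULT_PW (hypothetical name) holds the vendor-documented default password.

# Return 0 if the PKCS#12 file opens with the given password.
# The password goes through the environment, not the command line.
p12_opens_with() {
    CTM_AUDIT_PW="$2" openssl pkcs12 -in "$1" -noout \
        -passin env:CTM_AUDIT_PW >/dev/null 2>&1
}

# Return 0 if group or other holds the read bit on the file.
# Mode string layout: type, user rwx, group rwx, other rwx.
readable_beyond_owner() {
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case $perms in
        ????r*|???????r*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; the return code is the number of findings.
audit_keystore() {
    findings=0
    if p12_opens_with "$1" "$2"; then
        echo "$1: opens with the default keystore password"
        findings=$((findings + 1))
    fi
    if readable_beyond_owner "$1"; then
        echo "$1: readable by group or other"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: CTM_DEFAULT_PW=<documented default> sh audit.sh <keystore.p12>...
if [ "$#" -ge 1 ]; then
    : "${CTM_DEFAULT_PW:?set to the vendor-documented default password}"
    status=0
    for ks in "$@"; do
        audit_keystore "$ks" "$CTM_DEFAULT_PW" || status=1
    done
    exit "$status"
fi
```

On OpenSSL 3, a keystore protected with older algorithms can fail to open for reasons unrelated to the password; rerun the check with the `-legacy` option before concluding that the default was changed.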
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: airbus
- Date Reserved: 2025-08-07T07:23:59.125Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68c958bfff7c553b3ddd1f12
Added to database: 9/16/2025, 12:31:59 PM
Last enriched: 9/16/2025, 12:34:04 PM
Last updated: 9/16/2025, 6:39:41 PM