CVE-2025-55115: CWE-23 Relative Path Traversal in BMC Control-M/Agent
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.
AI Analysis
Technical Summary
CVE-2025-55115 is a critical security vulnerability classified as CWE-23, a Relative Path Traversal flaw, found in BMC's Control-M/Agent software versions 9.0.18 through 9.0.20, including potentially earlier unsupported versions. Control-M/Agent is a widely used workload automation and job scheduling agent deployed in enterprise environments to manage batch jobs and workflows. The vulnerability allows an attacker with local access to the system running the Control-M/Agent to exploit a path traversal weakness. This flaw enables the attacker to manipulate file paths to access or modify files outside the intended directories. Exploiting this vulnerability can lead to local privilege escalation, meaning the attacker can gain higher system privileges than initially granted, potentially reaching administrative or root-level access. The vulnerability does not require user interaction and has low attack complexity, but it does require the attacker to have some level of local privileges already (PR:L). The CVSS 4.0 base score is 9.3 (critical), reflecting high impact on confidentiality, integrity, and availability, with high scope and no authentication required beyond local access. The vulnerability was fixed in version 9.0.20.100 and later. No known exploits are currently reported in the wild, but the severity and nature of the flaw make it a significant risk for organizations still running vulnerable versions. Given that Control-M/Agent is often deployed on critical servers managing automated workflows, exploitation could disrupt business operations, compromise sensitive data, or facilitate further lateral movement within networks.
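The flaw class described above, CWE-23 relative path traversal, comes down to joining an attacker-influenced file name onto a trusted base directory without confirming that the result still lies inside that directory. The following Python is an added illustration, not Control-M's code; the base directory, file names and request samples are constructed for the example. It shows the naive join beside the canonicalize-then-check pattern that closes the hole, including the prefix trap (`/opt/agent/data-backup`) that a plain `startswith` test would miss.

```python
import os

# Assumed base directory for the example; Control-M/Agent's real layout is not known here.
AGENT_ROOT = "/opt/agent/data"


def unsafe_join(root, user_path):
    """Naive join (the CWE-23 pattern): a user_path containing '..' walks out of root.
    Kept only for side-by-side comparison with safe_join()."""
    return os.path.normpath(os.path.join(root, user_path))


def safe_join(root, user_path):
    """Return the canonical absolute path if it stays inside root, else None.

    Both root and the candidate are passed through realpath() so that '..',
    repeated separators and symlinks are resolved before the containment check.
    """
    root_abs = os.path.realpath(root)
    # An absolute user path would replace root entirely in os.path.join(); reject it.
    if os.path.isabs(user_path):
        return None
    candidate = os.path.realpath(os.path.join(root_abs, user_path))
    # commonpath() compares whole path components, so '/opt/agent/data-backup'
    # is correctly treated as outside '/opt/agent/data' (a startswith() check is not).
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate


def classify_requests(root, requested_paths):
    """Map each requested relative path to 'accept' or 'reject' using safe_join().
    Useful as a unit-test harness or as a review aid for a file-serving component."""
    return {p: ("accept" if safe_join(root, p) is not None else "reject")
            for p in requested_paths}


# Constructed sample requests: one legitimate name, three traversal attempts.
SAMPLE_REQUESTS = [
    "jobs/output.log",
    "../../etc/passwd",
    "../data-backup/secret.key",
    "/etc/shadow",
]

if __name__ == "__main__":
    for req, verdict in classify_requests(AGENT_ROOT, SAMPLE_REQUESTS).items():
        print(f"{verdict:7} {req!r:32} naive join -> {unsafe_join(AGENT_ROOT, req)}")
```

The printed comparison makes the defect visible: `unsafe_join` happily yields `/opt/etc/passwd` for the second request, while `safe_join` rejects every path whose canonical form leaves the root. The same check belongs wherever a privileged process (such as an agent running as a service account) turns caller-supplied names into file operations.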
Potential Impact
For European organizations, the impact of CVE-2025-55115 can be severe. Control-M/Agent is commonly used in industries such as finance, manufacturing, telecommunications, and public sector entities across Europe to automate critical batch processing tasks. Successful exploitation could allow attackers to escalate privileges locally, potentially leading to unauthorized access to sensitive data, modification or deletion of critical job schedules, and disruption of automated workflows. This could result in operational downtime, financial losses, regulatory non-compliance (especially under GDPR due to potential data breaches), and reputational damage. The vulnerability's ability to compromise system integrity and availability is particularly concerning for organizations relying on Control-M for time-sensitive or compliance-driven processes. Additionally, since the flaw requires local access, it could be leveraged as part of a multi-stage attack where initial access is gained via phishing or other means, then escalated through this vulnerability to gain full control of affected systems.
Mitigation Recommendations
To mitigate this vulnerability effectively, European organizations should:
1) Immediately identify and inventory all instances of Control-M/Agent in their environment, focusing on versions 9.0.18 through 9.0.20 and earlier unsupported versions.
2) Upgrade all vulnerable Control-M/Agent installations to version 9.0.20.100 or later, where the vulnerability is patched.
3) Restrict local access to systems running Control-M/Agent by enforcing strict access controls, limiting user accounts with local privileges, and employing network segmentation to reduce the attack surface.
4) Implement robust monitoring and logging of file system access and Control-M/Agent activities to detect suspicious path traversal attempts or privilege escalation behaviors.
5) Conduct regular security audits and vulnerability scans to ensure no outdated versions remain deployed.
6) Educate system administrators and security teams about this vulnerability to recognize potential exploitation signs.
7) Consider deploying endpoint detection and response (EDR) solutions capable of detecting anomalous local privilege escalation attempts.
These steps go beyond generic patching advice by emphasizing access control hardening, monitoring, and proactive detection tailored to the nature of this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: airbus
- Date Reserved: 2025-08-07T07:24:22.470Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c958bfff7c553b3ddd1f26
Added to database: 9/16/2025, 12:31:59 PM
Last enriched: 9/24/2025, 1:20:03 AM
Last updated: 10/31/2025, 12:04:21 PM