CVE-2025-55117: CWE-121 Stack-based Buffer Overflow in BMC Control-M/Agent
A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases:
* Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n";
* Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n".
AI Analysis
Technical Summary
CVE-2025-55117 is a medium-severity stack-based buffer overflow vulnerability identified in BMC's Control-M/Agent software versions 9.0.18 through 9.0.22. This vulnerability arises specifically when the Control-M/Agent is configured to use SSL/TLS communication with certain non-default settings. In version 9.0.20, the issue manifests when the SSL/TLS configuration parameter "use_openssl" is set to "n" (disabling OpenSSL). For versions 9.0.21 and 9.0.22, the vulnerability is triggered when both "JAVA_AR" is set to "N" and "use_openssl" is set to "n" in the agent router configuration.

The root cause is a stack-based buffer overflow that occurs during the formatting of an error message under these specific configurations. This overflow can be remotely triggered without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vulnerability impacts the confidentiality and integrity of the system with limited impact on availability. Although no known exploits are currently reported in the wild, the vulnerability presents a significant risk due to its remote exploitability and the potential for arbitrary code execution or system compromise if successfully exploited.

Control-M/Agent is widely used in enterprise environments for workload automation and job scheduling, making this vulnerability particularly relevant for organizations relying on these services for critical business processes. The absence of patches at the time of publication necessitates immediate attention to configuration and mitigation strategies to reduce exposure.
Potential Impact
For European organizations, the exploitation of CVE-2025-55117 could lead to unauthorized remote code execution or system compromise within critical workload automation environments. This can disrupt business operations, lead to data breaches, or allow attackers to pivot within internal networks. Given that Control-M/Agent is often integrated into enterprise IT infrastructure for scheduling and managing batch jobs, a successful attack could impact operational continuity, data integrity, and confidentiality of sensitive business information. The vulnerability's remote exploitability without authentication increases the risk profile, especially for organizations exposing Control-M/Agent interfaces to less trusted networks or the internet. Additionally, the specific configuration conditions required to trigger the vulnerability mean that organizations using non-default SSL/TLS settings are at higher risk, which may include those customizing security parameters for compliance or performance reasons. The lack of known exploits currently provides a window for proactive defense, but also indicates that attackers may develop exploits in the near future, increasing urgency for mitigation.
Mitigation Recommendations
European organizations should immediately audit their Control-M/Agent configurations to identify if the vulnerable versions (9.0.18 through 9.0.22) are in use and whether the non-default SSL/TLS settings "use_openssl=n" and "JAVA_AR=N" are applied. If these settings are in place, organizations should revert to default SSL/TLS configurations where feasible, particularly enabling OpenSSL usage (i.e., set "use_openssl=y") to mitigate the vulnerability. Network segmentation and strict access controls should be enforced to limit exposure of Control-M/Agent interfaces to trusted internal networks only. Employing intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics targeting anomalous Control-M/Agent traffic can help detect exploitation attempts. Organizations should monitor vendor communications closely for official patches or updates addressing this vulnerability and plan for rapid deployment once available. Additionally, implementing robust logging and alerting on Control-M/Agent error messages and unusual activity can provide early warning signs of exploitation attempts. Finally, conducting penetration testing and vulnerability assessments focused on Control-M/Agent configurations can help validate the effectiveness of mitigations.
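One way to script the configuration audit recommended above, as an added example (not BMC's or this advisory's tooling). It assumes the agent settings can be read as KEY=VALUE lines and matches names and values case-insensitively; the function names, status labels and sample configuration text are constructed for illustration.

```python
import re

# Trigger conditions exactly as the description states them:
# version -> settings that must ALL be present for the overflow to be reachable.
TRIGGERS = {
    "9.0.20": {"use_openssl": "n"},
    "9.0.21": {"java_ar": "n", "use_openssl": "n"},
    "9.0.22": {"java_ar": "n", "use_openssl": "n"},
}
# Listed as affected in the analysis, but no trigger settings are given for them.
UNSPECIFIED = {"9.0.18", "9.0.19"}

# Assumed line format: KEY=VALUE, optional spaces, quotes and trailing "# comment".
_LINE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"?([^"#\s]*)"?')

def parse_settings(text):
    """Return {key: value}, lower-cased; commented-out lines never match."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).lower()
    return settings

def assess(version, config_text):
    """Classify one agent as EXPOSED, NOT_TRIGGERED, REVIEW or NOT_LISTED."""
    # Assumption: anything after the third version component is a patch suffix.
    base = ".".join(version.strip().split(".")[:3])
    if base in UNSPECIFIED:
        return "REVIEW", ["affected range, trigger settings not documented"]
    required = TRIGGERS.get(base)
    if required is None:
        return "NOT_LISTED", []
    settings = parse_settings(config_text)
    # A missing key means the default is in effect, which is not a trigger.
    hits = [f"{k}={settings[k]}" for k in required if settings.get(k) == required[k]]
    status = "EXPOSED" if len(hits) == len(required) else "NOT_TRIGGERED"
    return status, hits

if __name__ == "__main__":
    # Constructed inventory: (host, agent version, configuration text).
    inventory = [
        ("batch01", "9.0.20", "use_openssl=n\n"),
        ("batch02", "9.0.21", "use_openssl=n\nJAVA_AR=Y\n"),
        ("batch03", "9.0.22", 'JAVA_AR = "N"\nuse_openssl=n  # legacy\n'),
        ("batch04", "9.0.19", "use_openssl=n\n"),
    ]
    for host, version, cfg in inventory:
        print(host, version, *assess(version, cfg))
```

A NOT_TRIGGERED result with a non-empty hit list (one of the two settings present on 9.0.21 or 9.0.22) is worth flagging, since a single further configuration change would make that agent reachable.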
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: airbus
- Date Reserved: 2025-08-07T07:24:22.470Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68c958c0ff7c553b3ddd1f38
Added to database: 9/16/2025, 12:32:00 PM
Last enriched: 9/16/2025, 12:33:23 PM
Last updated: 10/31/2025, 6:14:36 AM