CVE-2025-55110 | THREATINT

Description

Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.

PUBLISHED Reserved 2025-08-07 | Published 2025-09-16 | Updated 2025-09-16 | Assigner airbus

MEDIUM: 5.7CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-1392 Use of Default Credentials

Product status

Default status

affected

9.0.22 (semver)

affected

9.0.21 (semver)

affected

9.0.20 (semver)

affected

9.0.19 (semver)

affected

9.0.18 (semver)

affected

Credits

Airbus SAS - Jean-Romain Garnier - seclab@airbus.com finder

References

bmcapps.my.site.com/.../sc_KnowledgeArticle?sfdcid=000442099 vendor-advisory

bmcapps.my.site.com/.../sc_KnowledgeArticle?sfdcid=000441964 mitigation

cve.org (CVE-2025-55110)

nvd.nist.gov (CVE-2025-55110)

Download JSON