CVE-2025-55108
Control-M/Agent
Executive summary
A critical remote code execution vulnerability, identified as CVE-2025-55108, affects Control-M/Agent. This flaw allows an unauthenticated attacker with network access to gain complete control of vulnerable systems, enabling them to execute arbitrary code, steal sensitive data, and disrupt critical business operations. Due to the ease of exploitation and the maximum severity rating, immediate remediation is required to prevent a full system compromise.
Vulnerability
The vulnerability exists within the communication protocol of the Control-M/Agent when mutual SSL/TLS authentication is not enabled. In this configuration, the agent fails to properly authenticate incoming connections, allowing any entity with network access to its listening port to send it commands. An unauthenticated remote attacker can exploit this by crafting and sending malicious requests to execute arbitrary commands with the privileges of the agent service, read or write arbitrary files on the filesystem, or perform other unauthorized administrative actions, leading to a complete compromise of the host system.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 10.0, representing the highest possible risk. Successful exploitation would grant an attacker complete control over the affected agent's host system, leading to severe consequences. These include the breach of confidential data (e.g., credentials, customer information, intellectual property), loss of data integrity through unauthorized modification or deployment of ransomware, and loss of availability by disrupting automated workflows and critical business processes managed by Control-M. A compromised agent could also serve as a pivot point for lateral movement, allowing an attacker to penetrate deeper into the corporate network.
Remediation
Immediate Action: Apply the security updates provided by the vendor to upgrade all affected Control-M/Agent instances to the latest, non-vulnerable version. After patching, review system and application access logs for any indicators of compromise that may have occurred prior to remediation.
Proactive Monitoring: Implement enhanced monitoring for all Control-M/Agent systems. Security teams should look for unusual network connections to agent listener ports from unauthorized IP addresses, unexpected processes spawned by the agent service, and anomalous file read/write activity. Utilize Endpoint Detection and Response (EDR) solutions and network intrusion detection systems (NIDS) to create alerts for suspicious behavior originating from these agents.
Compensating Controls: If patching cannot be immediately deployed, implement the following controls to mitigate risk:
- Enforce Mutual TLS: Reconfigure all agents to strictly require mutual SSL/TLS authentication for all connections. The absence of mutual authentication is the root cause of the vulnerability.
- Network Segmentation: Use firewalls or network access control lists (ACLs) to restrict all network access to the Control-M/Agent's listening port, permitting connections only from the designated Control-M/Server and authorized management hosts.
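One way to implement the listener-port check from Proactive Monitoring against the allowlist from Network Segmentation, as an added example that is not part of the original advisory or any vendor tooling. The port number, the allowed source ranges, and the space-separated flow-record layout are assumptions; substitute your agents' configured port, your Control-M/Server and management addresses, and your own log format.

```python
import ipaddress

# Placeholder values (assumptions, not from the advisory).
AGENT_PORT = 7006  # set to the listener port configured on your agents
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.0.5.10/32"),  # hypothetical Control-M/Server
    ipaddress.ip_network("10.0.6.0/28"),   # hypothetical management hosts
]

# Constructed sample records: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_FLOWS = """\
2025-01-01T10:00:01Z 10.0.5.10 51514 10.0.9.21 7006 tcp
2025-01-01T10:00:07Z 10.0.7.44 40222 10.0.9.21 7006 tcp
2025-01-01T10:00:09Z 10.0.7.44 40223 10.0.9.21 443 tcp
2025-01-01T10:01:30Z 192.0.2.15 33001 10.0.9.22 7006 tcp
2025-01-01T10:02:00Z 10.0.6.3 60100 10.0.9.22 7006 tcp
garbled line here
"""

def parse_flow(line):
    """Return (ts, src, dst, dport, proto), or None if the record is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _sport, dst, dport, proto = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto
    except ValueError:
        return None

def unauthorized_connections(flow_text, allowed=ALLOWED_SOURCES, port=AGENT_PORT):
    """List TCP connections to the agent port from sources outside the allowlist.

    Also returns the count of unparseable records so gaps in coverage are visible.
    """
    findings, skipped = [], 0
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow(line)
        if rec is None:
            skipped += 1
            continue
        ts, src, dst, dport, proto = rec
        if proto == "tcp" and dport == port and not any(src in net for net in allowed):
            findings.append((ts, str(src), str(dst)))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = unauthorized_connections(SAMPLE_FLOWS)
    for ts, src, dst in hits:
        print(f"ALERT {ts} {src} -> {dst}:{AGENT_PORT} (source not allowlisted)")
    print(f"{bad} record(s) could not be parsed")
```

Any source this flags should either be added to the firewall allowlist deliberately or treated as a lead for the post-patch log review.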
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability poses a critical and immediate threat to the organization. Due to the CVSS score of 10.0, which signifies a trivial-to-exploit vulnerability resulting in complete system compromise, immediate patching of all affected Control-M/Agents must be the top priority. Although CVE-2025-55108 is not yet on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a likely candidate for future inclusion. Organizations must act proactively to remediate this flaw before it becomes actively exploited in the wild. If patching is delayed, the compensating controls listed above must be implemented without exception to reduce the attack surface.