A high-severity vulnerability, identified as CVE-2025-55118, has been discovered in multiple Memory products, specifically affecting the Control-M/Agent. This flaw allows a remote attacker to trigger a memory corruption by sending specially crafted data over the network when SSL/TLS is enabled, which could lead to a system crash or allow the attacker to execute arbitrary code and gain control of the affected server.

This vulnerability is a remote memory corruption flaw that exists within the SSL/TLS communication handling component of the Memory Control-M/Agent. An unauthenticated attacker can exploit this by sending a specially crafted sequence of SSL/TLS packets to a vulnerable agent. This malformed data is improperly processed, leading to a memory corruption condition such as a buffer overflow. Successful exploitation can cause the agent service to crash, resulting in a denial of service (DoS), or could potentially be leveraged to achieve remote code execution (RCE) with the privileges of the agent's service account.

This vulnerability presents a significant risk to the organization, reflected by its High severity rating with a CVSS score of 8.9. Exploitation could lead to a severe denial of service, disrupting critical business processes and automated job schedules managed by Control-M, resulting in operational downtime and potential financial loss. If an attacker achieves remote code execution, they could gain a persistent foothold in the network, exfiltrate sensitive data, compromise the underlying server, and pivot to attack other internal systems, leading to a major data breach and significant reputational damage.

Immediate Action: Apply the security updates provided by Memory to all affected Control-M/Agent installations immediately. Prioritize patching for agents that are exposed to untrusted networks. After patching, monitor the systems to confirm the agent is stable and operating correctly.

Proactive Monitoring: Implement enhanced monitoring for affected systems. Review Control-M/Agent logs for evidence of repeated crashes, connection resets, or errors related to SSL/TLS processing. Monitor network traffic to agent ports for unusual patterns, connections from unexpected IP addresses, or malformed packets using network intrusion detection systems (NIDS). On the host, monitor the agent process for unexpected restarts or the spawning of suspicious child processes (e.g., cmd.exe, powershell.exe).

Compensating Controls: If immediate patching is not feasible, restrict network access to the Control-M/Agent communication ports. Use network or host-based firewalls to ensure that only trusted Control-M/Server or management hosts can communicate with the agent. This will limit the attack surface by preventing direct access from untrusted networks.

Public Exploit Available: false

Given the high CVSS score of 8.9 and the potential for remote code execution, this vulnerability requires immediate attention. We strongly recommend that the organization prioritizes applying the vendor-supplied patches across all environments without delay. Although this CVE is not currently listed on the CISA KEV list, its characteristics make it a prime candidate for future inclusion and exploitation by threat actors. A proactive patching and monitoring strategy is essential to mitigate the significant risk this vulnerability poses to business operations and data security.