CVE-2025-55118
Published: 16 September 2025
Summary
CVE-2025-55118 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Control-M/Agent (product inferred from references). Its CVSS base score is 8.4 (High).
Operationally, it is ranked at the 10.1 percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-29564
Vulnerability details
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases:
- Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n";
- Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n".
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-generated)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Use-after-free exploitation that aims at arbitrary code execution is blocked or made significantly harder by non-executable pages and ASLR.
- Enables transfer to an alternate site if an infinite loop at the primary site renders processing unavailable.
- Ensures shared resources are explicitly initialized or cleared on allocation, preventing exposure of prior contents to new users or processes.
- Detects and mitigates infinite loops that produce sustained resource consumption.
- Mandates that every instance begins in a known (presumably clean) state, eliminating reliance on residual or uninitialized state left by prior executions.