Overview
The CVE-2025-55113 vulnerability is a serious, high-risk issue that directly affects users of the Control-M/Agent software, specifically versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. It is related to the enforcement of the Access Control List (ACL) by the Control-M/Agent, specifically when the C router is in use. This vulnerability is particularly significant due to its potential to allow an attacker to bypass configured ACLs using a specially crafted certificate, potentially leading to system compromise or data leakage.
Vulnerability Summary
CVE ID: CVE-2025-55113
Severity: High Risk (CVSS: 9.0)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: System compromise and potential data leakage
Affected Products
Share secrets securely
Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.
Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.
- • Encrypted identity
- • Private Spaces for organizations and teams
- • End-to-end encrypted chat, calls, files, and notes
- • Sensitive AI work and protected collaboration
- • Built for information that cannot leak
Our mission is to secure human work alongside AI.
Product | Affected Versions
Control-M/Agent | 9.0.18 – 9.0.20 (and potentially earlier unsupported versions)
How the Exploit Works
The vulnerability stems from how the Access Control List (ACL) is enforced by the Control-M/Agent when the C router is in use. Specifically, verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker can exploit this vulnerability by using a specially crafted certificate with a null byte, which could potentially allow them to bypass the configured ACLs.
Conceptual Example Code
A potential exploitation of this vulnerability might look like the following, where the attacker uses a specially crafted certificate with a NULL byte in the email address:
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt -subj /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com/emailAddress=attacker\0@example.comIn this example, the email address `attackerIn this example, the email address `attacker\0@example.com` includes a NULL byte (`\0`), which could cause the verification process to stop, allowing the attacker to potentially bypass the ACLs@example.com` includes a NULL byte (`In this example, the email address `attacker\0@example.com` includes a NULL byte (`\0`), which could cause the verification process to stop, allowing the attacker to potentially bypass the ACLs`), which could cause the verification process to stop, allowing the attacker to potentially bypass the ACLs. Note that this is a conceptual and simplified example, and actual exploitation of the vulnerability would likely involve more complex steps.
Recommendations for Mitigation
It’s recommended to apply the vendor’s patch to address this vulnerability. If the patch cannot be applied immediately, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) as a temporary mitigation strategy can help protect against potential attacks.
However, these measures should not be considered a long-term solution since they may not fully protect against all possible exploitation scenarios. Therefore, updating the software to a version where the vulnerability is fixed is the best course of action.