{"id":76081,"date":"2025-09-23T02:32:20","date_gmt":"2025-09-23T02:32:20","guid":{"rendered":""},"modified":"2025-10-10T05:20:44","modified_gmt":"2025-10-10T11:20:44","slug":"cve-2025-55109-authentication-bypass-vulnerability-in-control-m-agent","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-55109-authentication-bypass-vulnerability-in-control-m-agent\/","title":{"rendered":"CVE-2025-55109: Authentication Bypass Vulnerability in Control-M\/Agent<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

This blog post examines CVE-2025-55109, a critical authentication bypass vulnerability in the out-of-support Control-M\/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability presents a significant risk to organizations that use this software, as it allows an attacker with access to a signed third-party or demo certificate for client authentication to bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M\/Agent. This can potentially lead to unauthorized access<\/a>, system compromise, or data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-55109
\nSeverity: Critical (CVSS: 9.0)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n