CVE-2025-48709 – BMC Control-M Cleartext Credentials Exposure Vulnerability

CVE ID : CVE-2025-48709

Published : Aug. 7, 2025, 8:15 p.m. | 1 hour, 14 minutes ago

Description : An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…