cve/2025/CVE-2025-48709.md

CVE-2025-48709

Description

An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations.

POC

Reference

No PoCs from references.

Github

• https://github.com/fkie-cad/nvd-json-data-feeds