User Configuration Vulnerability in ctrlX OS by Bosch
CVE-2025-24340

6.5MEDIUM

Key Information:

Vendor: Bosch Rexroth Ag
Status: Ctrlx Os - Device Admin
Vendor: CVE Published:; 30 April 2025

🔔 Create Bosch Rexroth Ag Vulnerability Alert

What is CVE-2025-24340?

A vulnerability in the user configuration file of ctrlX OS could enable a remote authenticated attacker with low privileges to access the plaintext passwords of other users. This flaw exposes sensitive information, posing a significant risk if exploited, allowing attackers to potentially gain unauthorized access to user accounts. It is crucial for organizations utilizing ctrlX OS to implement security measures to mitigate this vulnerability and protect their user data.

Affected Version(s)

ctrlX OS - Device Admin 1.12.0 <= 1.12.9

ctrlX OS - Device Admin 1.20.0 <= 1.20.7

ctrlX OS - Device Admin 2.6.0 <= 2.6.8

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-6404...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025
Vulnerability Reserved
Jan 20, 2025

CVE-2025-24340 Data

JSON