Remote Manipulation Vulnerability in ctrlX OS Wireless Configuration
CVE-2025-24348

5.4MEDIUM

Key Information:

Vendor: Bosch Rexroth Ag
Status: Ctrlx Os - Device Admin
Vendor: CVE Published:; 30 April 2025

🔔 Create Bosch Rexroth Ag Vulnerability Alert

What is CVE-2025-24348?

A vulnerability has been identified in the Network Interfaces functionality of ctrlX OS, allowing remote authenticated attackers with low privileges to manipulate the wireless network configuration file. This manipulation can be achieved through specially crafted HTTP requests, potentially compromising the security integrity of affected systems. Organizations utilizing ctrlX OS should review their configurations and apply necessary mitigations to safeguard against unauthorized access.

Affected Version(s)

ctrlX OS - Device Admin 1.12.0 <= 1.12.9

ctrlX OS - Device Admin 1.20.0 <= 1.20.7

ctrlX OS - Device Admin 2.6.0 <= 2.6.8

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-6404...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025
Vulnerability Reserved
Jan 20, 2025

CVE-2025-24348 Data

JSON