Remote Information Disclosure in Backup & Restore Functionality of ctrlX OS by Bosch
CVE-2025-27532

6.5MEDIUM

Key Information:

Vendor: Bosch Rexroth Ag
Status: Ctrlx Os - Device Admin
Vendor: CVE Published:; 30 April 2025

🔔 Create Bosch Rexroth Ag Vulnerability Alert

What is CVE-2025-27532?

A vulnerability exists in the Backup & Restore functionality of Bosch's ctrlX OS, enabling a remote authenticated user with low privileges to exploit this weakness. By sending specially crafted HTTP requests, the attacker can gain unauthorized access to sensitive information contained within the system. This security flaw necessitates immediate attention to safeguard user data and enhance application integrity.

Affected Version(s)

ctrlX OS - Device Admin 1.12.0 <= 1.12.9

ctrlX OS - Device Admin 1.20.0 <= 1.20.7

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-6404...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025
Vulnerability Reserved
Feb 28, 2025

CVE-2025-27532 Data

JSON