Remote Code Execution Vulnerability in Bosch Products
CVE-2025-29902

10CRITICAL

Key Information:

Vendor: Telex
Status: Remote Dispatch Console Server; Vlink Virtual Matrix Software
Vendor: CVE Published:; 13 June 2025

What is CVE-2025-29902?

This vulnerability enables unauthorized users to execute arbitrary code on the server machine, posing a significant risk to the integrity and security of the affected Bosch products. Exploitation of this flaw could lead to severe disruptions and unauthorized access to sensitive data. Organizations using the affected Bosch software are advised to implement robust security measures and monitor their systems for any suspicious activities.

Affected Version(s)

Remote Dispatch Console Server Windows 1.0.0 < 1.3.0

VLink Virtual Matrix Software Windows 5

VLink Virtual Matrix Software Windows 6.0.0 < 6.6.0

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-9924...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2025
Vulnerability Reserved
Mar 12, 2025

Telex

What is CVE-2025-29902?

Affected Version(s)

References

CVSS V3.1

Timeline