{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24351", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2025-01-20T15:09:10.534Z", "datePublished": "2025-04-30T11:47:00.441Z", "dateUpdated": "2026-02-26T18:27:53.157Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2025-04-30T11:47:00.441Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the \u201cRemote Logging\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user \u201croot\u201d via a crafted HTTP request."}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX OS - Device Admin", "versions": [{"version": "1.20.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "1.20.7"}, {"version": "2.6.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "2.6.8"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-01T03:55:12.845453Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T18:27:53.157Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-01T03:55:12.845453Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T14:14:26.387Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX OS - Device Admin", "versions": [{"status": "affected", "version": "1.20.0", "versionType": "custom", "lessThanOrEqual": "1.20.7"}, {"status": "affected", "version": "2.6.0", "versionType": "custom", "lessThanOrEqual": "2.6.8"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the \u201cRemote Logging\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user \u201croot\u201d via a crafted HTTP request."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2025-04-30T11:47:00.441Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24351", "state": "PUBLISHED", "dateUpdated": "2026-02-26T18:27:53.157Z", "dateReserved": "2025-01-20T15:09:10.534Z", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "datePublished": "2025-04-30T11:47:00.441Z", "assignerShortName": "bosch"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the \u201cRemote Logging\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user \u201croot\u201d via a crafted HTTP request."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de \u201cRegistro remoto\u201d de la aplicaci\u00f3n web de ctrlX OS permite que un atacante remoto autenticado (con privilegios bajos) ejecute comandos arbitrarios del sistema operativo en el contexto del usuario \u201croot\u201d a trav\u00e9s de una solicitud HTTP manipulada."}], "id": "CVE-2025-24351", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2025-04-30T12:15:21.937", "references": [{"source": "psirt@bosch.com", "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@bosch.com", "type": "Secondary"}]}

{}

{}