CVE-2025-48861_CVE-2025-48861

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps.

Basic Information

ID CVE-2025-48861

Source bosch

Published Aug 14, 2025 at 09:07

Affected Product

Vendor Bosch Rexroth AG

Product ctrlX OS - Setup

Version 1.20.0

Affected Versions Bosch Rexroth AG ctrlX OS - Setup 1.20.0
Bosch Rexroth AG ctrlX OS - Setup 2.6.0
Bosch Rexroth AG ctrlX OS - Setup 3.6.0

References

psirt.bosch.com /security-advisories/BOSCH-SA-129652.html

{
    "lastseen": "",
    "description": "A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed\u00a0a remote, unauthenticated attacker to access and extract internal application data,\u00a0including potential debug logs and the version of installed apps.",
    "published": "2025-08-14T09:07:24.465Z",
    "modified": "2025-08-14T09:07:24.465Z",
    "type": "cve",
    "title": "CVE-2025-48861",
    "source": "bosch",
    "references": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html",
    "id": "CVE-2025-48861",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Bosch Rexroth AG ctrlX OS - Setup 1.20.0\nBosch Rexroth AG ctrlX OS - Setup 2.6.0\nBosch Rexroth AG ctrlX OS - Setup 3.6.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ctrlX OS - Setup",
    "version": "1.20.0",
    "vendor": "Bosch Rexroth AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply