CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27532
https://notcve.org/view.php?id=CVE-2025-27532
30 Apr 2025 — A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24351
https://notcve.org/view.php?id=CVE-2025-24351
30 Apr 2025 — A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24350
https://notcve.org/view.php?id=CVE-2025-24350
30 Apr 2025 — A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-23: Relative Path Traversal •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24349
https://notcve.org/view.php?id=CVE-2025-24349
30 Apr 2025 — A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-183: Permissive List of Allowed Inputs •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24348
https://notcve.org/view.php?id=CVE-2025-24348
30 Apr 2025 — A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24347
https://notcve.org/view.php?id=CVE-2025-24347
30 Apr 2025 — A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24346
https://notcve.org/view.php?id=CVE-2025-24346
30 Apr 2025 — A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24345
https://notcve.org/view.php?id=CVE-2025-24345
30 Apr 2025 — A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24344
https://notcve.org/view.php?id=CVE-2025-24344
30 Apr 2025 — A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-81: Improper Neutralization of Script in an Error Message Web Page •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24343
https://notcve.org/view.php?id=CVE-2025-24343
30 Apr 2025 — A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-23: Relative Path Traversal •