CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24351
https://notcve.org/view.php?id=CVE-2025-24351
30 Apr 2025 — A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24350
https://notcve.org/view.php?id=CVE-2025-24350
30 Apr 2025 — A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-23: Relative Path Traversal •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24349
https://notcve.org/view.php?id=CVE-2025-24349
30 Apr 2025 — A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-183: Permissive List of Allowed Inputs •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24348
https://notcve.org/view.php?id=CVE-2025-24348
30 Apr 2025 — A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24347
https://notcve.org/view.php?id=CVE-2025-24347
30 Apr 2025 — A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24346
https://notcve.org/view.php?id=CVE-2025-24346
30 Apr 2025 — A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24345
https://notcve.org/view.php?id=CVE-2025-24345
30 Apr 2025 — A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24342
https://notcve.org/view.php?id=CVE-2025-24342
30 Apr 2025 — A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-204: Observable Response Discrepancy •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24341
https://notcve.org/view.php?id=CVE-2025-24341
30 Apr 2025 — A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24340
https://notcve.org/view.php?id=CVE-2025-24340
30 Apr 2025 — A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users. • https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html • CWE-916: Use of Password Hash With Insufficient Computational Effort •