EUVD-2025-24680

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Task API flaw in ctrlX OS setup permits remote unauthenticated access to logs and app versions.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-48861	14 Aug 202511:01	–	circl
CNNVD	BOSCH ctrlX OS 安全漏洞	14 Aug 202500:00	–	cnnvd
CVE	CVE-2025-48861	14 Aug 202509:07	–	cve
Cvelist	CVE-2025-48861	14 Aug 202509:07	–	cvelist
NVD	CVE-2025-48861	14 Aug 202509:15	–	nvd
Positive Technologies	PT-2025-33139 · Ctrlx Os · Ctrlx Os	14 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-48861	16 Aug 202509:26	–	redhatcve
Vulnrichment	CVE-2025-48861	14 Aug 202509:07	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "24e74057-1dd1-364c-8b53-d0cc42e323f7",
        "vendor": {
          "name": "Bosch Rexroth AG"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "400c1dff-1076-3407-ba4d-16f6bffa0b64",
        "product": {
          "name": "ctrlX OS - Setup"
        },
        "product_version": "2.6.0 ≤2.6.1"
      },
      {
        "id": "ad668464-786e-311c-8a7e-35a179033d80",
        "product": {
          "name": "ctrlX OS - Setup"
        },
        "product_version": "3.6.0 ≤3.6.2"
      },
      {
        "id": "b773bbb1-8085-3c2a-bf99-869fa5de9198",
        "product": {
          "name": "ctrlX OS - Setup"
        },
        "product_version": "1.20.0 ≤1.20.1"
      }
    ]
  }
]

Source	Link
psirt	www.psirt.bosch.com/security-advisories/BOSCH-SA-129652.html

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.3

EPSS0.00058

SSVC