CVE-2025-48860

Summary

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data.

Affected Software

VendorProductVersion RangeStatus
Bosch Rexroth AGctrlX OS - Setup1.20.0 <= 1.20.1affected
Bosch Rexroth AGctrlX OS - Setup2.6.0 <= 2.6.1affected
Bosch Rexroth AGctrlX OS - Setup3.6.0 <= 3.6.2affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References