CVE-2025-48861

Summary

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps.

Affected Software

VendorProductVersion RangeStatus
Bosch Rexroth AGctrlX OS - Setup1.20.0 <= 1.20.1affected
Bosch Rexroth AGctrlX OS - Setup2.6.0 <= 2.6.1affected
Bosch Rexroth AGctrlX OS - Setup3.6.0 <= 3.6.2affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References