Impact
An uncontrolled resource consumption flaw in the Bosch VMS Central Server allows an attacker to drain disk space by sending malicious input over the network. This can lead to a denial‑of‑service condition where the system runs out of storage, potentially causing service interruptions, data loss, or cascading failures of dependent applications. The weakness is a classic CWE‑400 "Uncontrolled Resource Consumption" scenario, which affects confidentiality, integrity, and availability if not mitigated.
Affected Systems
Affected Bosch products include Bosch BVMS, Bosch BVMS Viewer, Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all‑in‑one 5000, Bosch DIVAR IP all‑in‑one 7000, Bosch DIVAR IP all‑in‑one 7000 R3, DIVAR IP all‑in‑one 4000 and DIVAR IP all‑in‑one 6000, when running Bosch VMS 12.0.1. The vulnerability resides in the Central Server component of VMS 12.0.1.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. EPSS data is not available, and the lack of a KEV listing suggests no widely known exploitation yet. The likely attack vector is remote over the network, where an attacker can send crafted traffic that consumes disk space. Successful exploitation would require network access to the affected server and could be achieved without authentication if the service is exposed.