{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24341", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2025-01-20T15:09:10.532Z", "datePublished": "2025-04-30T11:14:47.046Z", "dateUpdated": "2025-04-30T15:11:57.073Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2025-04-30T11:14:47.046Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device."}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX OS - Device Admin", "versions": [{"version": "1.12.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "1.12.9"}, {"version": "1.20.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "1.20.7"}, {"version": "2.6.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "2.6.8"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "cweId": "CWE-770"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T15:09:35.775128Z", "id": "CVE-2025-24341", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T15:11:57.073Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-30T15:09:35.775128Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T15:10:03.656Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX OS - Device Admin", "versions": [{"status": "affected", "version": "1.12.0", "versionType": "custom", "lessThanOrEqual": "1.12.9"}, {"status": "affected", "version": "1.20.0", "versionType": "custom", "lessThanOrEqual": "1.20.7"}, {"status": "affected", "version": "2.6.0", "versionType": "custom", "lessThanOrEqual": "2.6.8"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2025-04-30T11:14:47.046Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24341", "state": "PUBLISHED", "dateUpdated": "2025-04-30T15:11:57.073Z", "dateReserved": "2025-01-20T15:09:10.532Z", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "datePublished": "2025-04-30T11:14:47.046Z", "assignerShortName": "bosch"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device."}, {"lang": "es", "value": "Una vulnerabilidad en la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con privilegios bajos) inducir una denegaci\u00f3n de servicio (DoS) en el dispositivo mediante m\u00faltiples solicitudes HTTP manipuladas. En el peor de los casos, se requiere un reinicio completo para recuperar el control del dispositivo."}], "id": "CVE-2025-24341", "lastModified": "2025-05-02T13:53:40.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2025-04-30T12:15:15.493", "references": [{"source": "psirt@bosch.com", "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "psirt@bosch.com", "type": "Secondary"}]}

{}

{}