CVE-2025-24338 is a high-severity vulnerability identified in the "Manages app data" functionality of the web application component of Bosch Rexroth AG's ctrlX OS - Solutions platform. The vulnerability is classified under CWE-116, which pertains to improper encoding or escaping of output. This flaw allows a remote attacker with low-privileged authenticated access to execute arbitrary client-side code within the context of another user's browser session. The attack vector involves sending multiple crafted HTTP requests that exploit the improper output encoding, resulting in cross-site scripting (XSS) conditions. The vulnerability affects multiple versions of ctrlX OS - Solutions, specifically versions 1.12.0, 1.20.0, and 2.6.0. The CVSS v3.1 base score is 7.1, indicating a high severity level, with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. This means the attack can be performed remotely over the network (AV:N), requires high attack complexity (AC:H), low privileges (PR:L), and user interaction (UI:R). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No known exploits are currently reported in the wild, and no patches or mitigations have been linked yet. The vulnerability arises from insufficient sanitization or encoding of output data in the web app, allowing malicious scripts to be injected and executed in other users' browsers, potentially leading to session hijacking, data theft, or further compromise of the industrial control environment managed by ctrlX OS.

For European organizations using Bosch Rexroth AG's ctrlX OS - Solutions, this vulnerability poses a significant risk, especially in industrial automation and manufacturing sectors where ctrlX OS is deployed to manage critical control systems. Exploitation could lead to unauthorized disclosure of sensitive operational data, manipulation of control commands, and disruption of industrial processes. The ability to execute arbitrary client-side code in another user's browser can facilitate credential theft, session hijacking, and lateral movement within the network. Given the high impact on confidentiality, integrity, and availability, successful exploitation could result in operational downtime, safety hazards, and financial losses. Additionally, the requirement for low-privileged authentication and user interaction means insider threats or social engineering could be leveraged to exploit this vulnerability. The lack of known exploits currently provides a window for proactive mitigation, but the critical nature of industrial control systems heightens the urgency for European organizations to address this issue promptly.

1. Implement strict output encoding and input validation in the "Manages app data" functionality to prevent injection of malicious scripts. 2. Restrict and monitor user privileges rigorously to minimize the risk posed by low-privileged authenticated users. 3. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 4. Conduct thorough security testing and code reviews focusing on output encoding and escaping mechanisms in the web application. 5. Isolate the ctrlX OS management interfaces within secure network segments and enforce multi-factor authentication to reduce the risk of compromised credentials. 6. Educate users on the risks of social engineering and phishing attacks that could facilitate exploitation requiring user interaction. 7. Monitor network traffic and application logs for unusual HTTP requests or patterns indicative of exploitation attempts. 8. Coordinate with Bosch Rexroth AG for timely patches or updates and apply them as soon as they become available. 9. Consider deploying web application firewalls (WAF) with custom rules to detect and block malicious payloads targeting this vulnerability.