
CVE-2025-24341: CWE-770 Allocation of Resources Without Limits or Throttling in Bosch Rexroth AG ctrlX OS - Device Admin

Medium
Tags: Vulnerability, CVE-2025-24341, cve, cve-2025-24341, cwe-770
Published: Wed Apr 30 2025 (04/30/2025, 11:14:47 UTC)
Source: CVE
Vendor/Project: Bosch Rexroth AG
Product: ctrlX OS - Device Admin

Description

A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device.

AI-Powered Analysis

Last updated: 06/25/2025, 07:45:32 UTC

Technical Analysis

CVE-2025-24341 is a vulnerability in the web application component of Bosch Rexroth AG's ctrlX OS - Device Admin, affecting versions 1.12.0, 1.20.0, and 2.6.0. It is classified as CWE-770 (Allocation of Resources Without Limits or Throttling): the web application allocates resources per request without capping their number, size, or rate. A remote attacker holding a low-privileged account on the device's web interface can therefore send multiple crafted HTTP requests that drive resource consumption high enough to make the device unresponsive. In the worst case a full power cycle is needed to regain control of the device.

In CVSS 3.1 terms the attack vector is network (AV:N), attack complexity is low (AC:L), low privileges are required (PR:L) and no user interaction is needed (UI:N). The impact is confined to availability (A:H), with no confidentiality or integrity impact, which is consistent with the Medium rating shown above. No exploits in the wild were known as of the publication date (April 30, 2025).

ctrlX OS is an industrial operating system used in automation and control devices, which are critical components in manufacturing and industrial environments. Because the web application neither throttles requests nor bounds what a single request may allocate, one authenticated low-privileged account is enough to overwhelm the device, and in an industrial context that disruption can cascade to production lines and operational continuity.
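The CWE-770 pattern the analysis describes, as an added illustration that is not ctrlX OS code and makes no claim about how the affected web application is implemented: a request handler that allocates a resource per request with no cap (the vulnerable shape) beside one that applies a per-principal token bucket, a global ceiling on outstanding work and a size limit (the hardened shape). The `Job` object, the handler classes and the budget values are hypothetical stand-ins chosen for the example.

```python
"""CWE-770 illustration: unbounded per-request allocation vs. throttled.
Added example; the Job, handlers and limits are hypothetical, not ctrlX OS code."""
import time
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Job:
    """Stand-in for a server-side resource (worker, buffer, subprocess)
    allocated for one HTTP request and held until that request completes."""
    owner: str
    size_bytes: int


class UnboundedHandler:
    """Vulnerable pattern: every authenticated request allocates a Job with no
    cap on count or size. A low-privileged user exhausts memory or workers by
    sending requests faster than they complete."""

    def __init__(self):
        self.jobs = []

    def handle(self, user, size_bytes):
        self.jobs.append(Job(user, size_bytes))  # grows without bound
        return 200


class TokenBucket:
    """Token bucket: `capacity` burst, refilled at `rate` tokens per second.
    `clock` is injectable so the behaviour is deterministic in tests."""

    def __init__(self, capacity, rate, clock=time.monotonic):
        self.capacity = capacity
        self.rate = rate
        self.clock = clock
        self.tokens = float(capacity)
        self.last = clock()

    def try_take(self):
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class ThrottledHandler:
    """Hardened pattern: per-principal token bucket, a global cap on outstanding
    jobs and a cap on the bytes one job may claim. Over-budget requests are
    refused with an HTTP status instead of consuming resources."""

    def __init__(self, per_user_burst=5, per_user_rate=1.0, max_jobs=50,
                 max_job_bytes=1 << 20, clock=time.monotonic):
        self.jobs = []
        self.max_jobs = max_jobs
        self.max_job_bytes = max_job_bytes
        self.buckets = defaultdict(
            lambda: TokenBucket(per_user_burst, per_user_rate, clock))

    def handle(self, user, size_bytes):
        if size_bytes > self.max_job_bytes:
            return 413  # refuse oversized allocations outright
        if not self.buckets[user].try_take():
            return 429  # this principal is over its request budget
        if len(self.jobs) >= self.max_jobs:
            return 503  # global ceiling protects the device as a whole
        self.jobs.append(Job(user, size_bytes))
        return 200

    def complete(self, n):
        """Release n jobs (simulates requests finishing)."""
        del self.jobs[:n]


class FakeClock:
    """Manually advanced clock so refill behaviour can be checked exactly."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def burst(handler, user, count, size_bytes=4096):
    """Send `count` back-to-back requests from one user; return a status histogram."""
    counts = defaultdict(int)
    for _ in range(count):
        counts[handler.handle(user, size_bytes)] += 1
    return dict(counts)


if __name__ == "__main__":
    clock = FakeClock()
    print("unbounded:", burst(UnboundedHandler(), "operator", 200))
    print("throttled:", burst(ThrottledHandler(clock=clock), "operator", 200))
```

The per-principal bucket is what matters for this CVE, since the attacker is an authenticated low-privileged user and a purely global limit would let that one account starve everyone else before it trips; the global ceiling and size cap are the second and third layers that keep the device itself alive.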

Potential Impact

For European organizations, especially those in manufacturing, industrial automation, and critical infrastructure sectors, this vulnerability poses a significant risk to operational availability. Devices running ctrlX OS are likely integrated into production control systems, robotics, and other automation equipment. A successful DoS attack could halt manufacturing processes, leading to production downtime, financial losses, and potential safety hazards if automated safety controls are affected. Since the attack requires authenticated access, the risk is heightened if internal network security is weak or if credentials are compromised through phishing or insider threats. The need for a full power cycle to recover the device increases downtime and may complicate incident response, especially in environments requiring continuous operation. Although confidentiality and integrity are not directly impacted, the availability disruption alone can have severe operational and economic consequences. Additionally, the lack of known exploits currently does not preclude future exploitation, particularly as attackers often target industrial control systems once vulnerabilities are publicly disclosed.

Mitigation Recommendations

1. Implement strict access controls and network segmentation so that the ctrlX OS Device Admin interface is reachable only from trusted, authorized personnel and systems.
2. Enforce strong authentication, including multi-factor authentication, to reduce the risk of credential compromise; since the attack requires an authenticated account, every low-privileged credential is an attack path.
3. Monitor traffic to the Device Admin interface for abnormal patterns, in particular bursts of repeated HTTP requests from one account or source, so that exploitation attempts are detected early.
4. Apply rate limiting or web application firewall (WAF) rules at the network perimeter or on an intermediary device to throttle excessive requests to the Device Admin interface. Because the attacker is authenticated, limits keyed on the user or session are more effective than limits on source IP alone; treat this as a compensating control, not a fix.
5. Maintain an up-to-date inventory of devices running affected ctrlX OS versions and prioritize patching or upgrading as soon as vendor fixes are available.
6. Develop and rehearse incident response plans that include procedures for safely power cycling affected devices to minimize downtime.
7. Follow Bosch Rexroth AG advisories for updates, and consider compensating controls such as redundant systems to maintain operational continuity during a DoS event.
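The detection in recommendation 3, as an added example that is not ctrlX OS tooling or vendor-supplied: a sliding-window counter over web access-log lines that flags any (source, account) pair sending more than a threshold of requests to the admin interface inside a short window. The log format (a common reverse-proxy "combined" format), the `/admin/` path prefix and the sample lines are assumptions constructed for the example; adapt the regex and prefix to what your proxy or device actually records.

```python
"""Flag request floods against a device admin interface from access-log lines.
Added example; log format, path prefix and sample data are constructed assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed combined-log layout: ip ident user [ts] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_floods(lines, path_prefix="/admin/", window_s=10, threshold=30):
    """Return {(ip, user): peak_count} for principals that sent more than
    `threshold` requests under `path_prefix` within any `window_s` seconds.
    The window is kept per principal, so a slow steady trickle is not flagged.
    Lines are assumed chronological for each principal."""
    windows = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(path_prefix):
            continue
        key = (rec["ip"], rec["user"])
        q = windows[key]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()  # drop requests older than the window
        if len(q) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


def sample_log():
    """Constructed access-log lines for the example (not real device output)."""
    base = datetime(2025, 4, 30, 11, 14, 47, tzinfo=timezone.utc)

    def line(ip, user, offset_s, path, status=200):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - {user} [{ts}] "POST {path} HTTP/1.1" {status} 512'

    lines = []
    # op1: 40 admin-API requests inside 4 seconds -> flood
    for i in range(40):
        lines.append(line("10.0.0.5", "op1", i // 10, "/admin/api/jobs"))
    # op2: 8 admin requests spread over a minute -> normal
    for i in range(8):
        lines.append(line("10.0.0.7", "op2", i * 8, "/admin/api/status"))
    # op3: heavy traffic, but not to the admin interface -> ignored
    for i in range(50):
        lines.append(line("10.0.0.9", "op3", i // 25, "/static/app.js"))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for (ip, user), peak in find_floods(sample_log()).items():
        print(f"flood: {user}@{ip} peaked at {peak} admin requests in 10 s")
```

Tune `window_s` and `threshold` against a baseline of legitimate Device Admin traffic before alerting on this; the same counter keyed on user rather than IP is what to feed a per-account rate limit if a proxy in front of the device supports it.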


Technical Details

Data Version
5.1
Assigner Short Name
bosch
Date Reserved
2025-01-20T15:09:10.532Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d983bc4522896dcbedf09

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 6/25/2025, 7:45:32 AM

Last updated: 8/10/2025, 4:06:42 PM
