CVE-2025-24343: CWE-23 Relative Path Traversal in Bosch Rexroth AG ctrlX OS - Solutions
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.
AI Analysis
Technical Summary
CVE-2025-24343 is a medium-severity vulnerability identified in Bosch Rexroth AG's ctrlX OS - Solutions, specifically within the web application's "Manages app data" functionality. The flaw is classified as a CWE-23 Relative Path Traversal vulnerability. It allows a remote attacker with low-privileged authenticated access to craft HTTP requests that write arbitrary files to arbitrary locations on the file system: a user with some level of legitimate access can manipulate the file path in the request to escape the intended directory boundary and place files anywhere on the device's file system. The vulnerability affects multiple versions of ctrlX OS - Solutions, including 1.12.0, 1.20.0, and 2.6.0. The CVSS v3.1 base score is 5.4 (medium), with a vector of network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and low availability impact (A:L). The vulnerability does not appear to have known exploits in the wild as of the publication date (April 30, 2025). The root cause is insufficient validation or sanitization of file path inputs in the web application's functionality that manages app data, allowing directory traversal and arbitrary file write operations. This can lead to integrity and availability impacts, such as overwriting critical files, injecting malicious code, or disrupting system operations. Since authentication is required but only low privileges are needed, the attack surface includes any user with minimal access rights to the web interface, potentially including many operational staff or automated systems. No patches or mitigations are explicitly linked in the provided data, so organizations should prioritize updates or workarounds once available from Bosch Rexroth AG.
Potential Impact
For European organizations using Bosch Rexroth AG's ctrlX OS - Solutions, particularly in industrial automation and manufacturing sectors, this vulnerability poses a significant risk to system integrity and availability. ctrlX OS is an industrial operating system used in automation controllers and related devices, which are critical for manufacturing processes, factory automation, and industrial control systems. Exploitation could allow attackers to write arbitrary files, potentially leading to the insertion of malicious scripts, configuration tampering, or disruption of control logic. This could result in operational downtime, production losses, safety hazards, and potential cascading failures in industrial environments. Given the low privilege requirement but mandatory authentication, insider threats or compromised credentials could be leveraged to exploit this vulnerability. The lack of confidentiality impact reduces the risk of data leakage but does not diminish the threat to operational continuity and system trustworthiness. The vulnerability's presence in multiple versions suggests a broad exposure across deployments. European industries with high automation reliance, such as automotive manufacturing, chemical plants, and energy production facilities, could face severe operational impacts if exploited. Additionally, the disruption of industrial control systems can have downstream effects on supply chains and critical infrastructure, increasing the overall risk profile for affected organizations.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting access to the ctrlX OS web application to trusted users only, employing strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise.
2. Network segmentation should be enforced to isolate industrial control systems running ctrlX OS from general IT networks and external internet access, minimizing exposure to remote attackers.
3. Implement strict input validation and sanitization at the application layer where possible, especially for file path parameters, to prevent directory traversal attempts.
4. Monitor system logs and web application access logs for unusual file write operations or unexpected HTTP requests that could indicate exploitation attempts.
5. Coordinate with Bosch Rexroth AG to obtain and apply official patches or updates addressing this vulnerability as soon as they become available.
6. Conduct regular security audits and penetration tests focused on industrial control systems to detect similar vulnerabilities proactively.
7. Employ application whitelisting and integrity monitoring on devices running ctrlX OS to detect unauthorized file modifications.
8. Train operational staff on the risks of credential sharing and phishing attacks to reduce the likelihood of account compromise.
9. Consider deploying web application firewalls (WAFs) with custom rules to detect and block path traversal patterns targeting the vulnerable functionality.
These mitigations go beyond generic advice by focusing on industrial control system-specific controls, operational environment hardening, and proactive detection tailored to the nature of the vulnerability and the affected product.
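The two recommendations that can be expressed in code are the file-path validation (item 3) and the access-log monitoring for traversal patterns (item 4). The following is an added example, not code from ctrlX OS or Bosch Rexroth AG: it shows a containment check that canonicalises a user-supplied relative path and verifies it stays under an app-data root, and a small detector that flags access-log requests whose target still contains a parent-directory reference after percent-decoding. The root directory `APP_DATA_ROOT`, the function names and the access-log lines are all constructed for the demonstration and are not the product's real layout or log format.

```python
# Added example for CWE-23 mitigation and detection; not ctrlX OS code.
# APP_DATA_ROOT, the request paths and the log lines are constructed here.
import os
import re
from urllib.parse import unquote

# Hypothetical app-data root; the real ctrlX OS layout is not documented on this page.
APP_DATA_ROOT = "/var/lib/example-appdata"


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would leave the app-data root."""


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly so double-encoded '..' is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_within(base_dir: str, user_path: str) -> str:
    """Return the absolute on-disk path for user_path, or raise if it escapes base_dir.

    Both sides are canonicalised with realpath (symlinks, '.', '..'), then
    containment is checked with commonpath rather than a string prefix, so a
    sibling such as '/var/lib/example-appdata-other' is not mistaken for a child.
    """
    decoded = fully_decode(user_path)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator as well
    if decoded.startswith("/"):
        raise PathTraversalError("absolute paths are not accepted")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir}")
    return candidate


def is_safe_app_data_path(user_path: str, base_dir: str = APP_DATA_ROOT) -> bool:
    """Boolean convenience wrapper for a request handler."""
    try:
        resolve_within(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


# --- detection side: flag traversal attempts in web-server access logs -----

# Request target from a combined-log-format style line: "METHOD target HTTP/x.y"
_REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not real ctrlX OS output).
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - operator [30/Apr/2025:10:01:02 +0000] "PUT /app-data/config.json HTTP/1.1" 200 512',
    '10.0.0.9 - operator [30/Apr/2025:10:01:07 +0000] "PUT /app-data/..%2f..%2fetc%2fhostname HTTP/1.1" 200 80',
    '10.0.0.9 - operator [30/Apr/2025:10:01:09 +0000] "PUT /app-data/%252e%252e/%252e%252e/tmp/x HTTP/1.1" 200 80',
    '10.0.0.7 - viewer [30/Apr/2025:10:02:00 +0000] "GET /app-data/logs/today.log HTTP/1.1" 200 2048',
]


def flag_traversal_requests(log_lines):
    """Return (line, decoded_target) for every line whose request target
    contains a parent-directory reference once percent-encoding is undone."""
    hits = []
    for line in log_lines:
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        target = fully_decode(match.group(1)).replace("\\", "/")
        if "../" in target or target.endswith("/.."):
            hits.append((line, target))
    return hits


if __name__ == "__main__":
    for candidate in ["config/settings.json", "../../etc/hostname", "..%2f..%2fx"]:
        print(f"{candidate!r:32} safe={is_safe_app_data_path(candidate)}")
    for line, target in flag_traversal_requests(SAMPLE_ACCESS_LOG):
        print("traversal attempt:", target)
```

The containment check decodes up to three times before normalising, because a single `unquote` leaves `%252e%252e` as `%2e%2e` and a naive `..` filter passes it; the detector reuses the same decoder so that what the validator would reject is also what the monitoring flags.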
Affected Countries
Germany, France, Italy, Spain, Netherlands, Belgium, Poland, Czech Republic, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: bosch
- Date Reserved: 2025-01-20T15:09:10.532Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbedfd6
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 6/25/2025, 7:15:27 AM
Last updated: 8/10/2025, 2:40:44 AM