CVE-2025-24344 is a security vulnerability identified in Bosch Rexroth AG's ctrlX OS - Solutions, specifically affecting versions 1.12.0, 1.20.0, and 2.6.0. The vulnerability is classified under CWE-81, which pertains to improper neutralization of script in an error message web page. This flaw arises from the web application's error notification mechanism, which fails to properly sanitize or encode user-controllable input before reflecting it in error messages. As a result, a remote attacker can craft a malicious HTTP request that injects arbitrary HTML tags and potentially executes client-side scripts within the context of another user's browser session. The vulnerability does not require authentication (AV:N/PR:N) but does require user interaction (UI:R), meaning the victim must visit or interact with a crafted link or page to trigger the exploit. The CVSS v3.1 base score is 6.3, indicating a medium severity level. The impact vector includes low complexity (AC:L) and affects confidentiality, integrity, and availability to a limited extent (C:L/I:L/A:L). Although no known exploits are currently reported in the wild, the vulnerability poses a risk of cross-site scripting (XSS) attacks, which can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim user. Given that ctrlX OS is an industrial automation platform used in manufacturing and industrial control systems, exploitation could have operational impacts if attackers leverage the vulnerability to disrupt or manipulate control interfaces via the web application. The vulnerability is publicly disclosed and assigned a CVE identifier, but no patches or mitigation links are currently provided by the vendor, indicating the need for immediate attention by affected organizations.

For European organizations, particularly those in manufacturing, industrial automation, and critical infrastructure sectors that deploy Bosch Rexroth's ctrlX OS - Solutions, this vulnerability presents a tangible risk. Successful exploitation could enable attackers to execute malicious scripts in the browsers of system operators or administrators, potentially leading to theft of session tokens, unauthorized command execution, or manipulation of control system parameters. This could degrade operational integrity, cause downtime, or facilitate further lateral movement within industrial networks. The confidentiality of sensitive operational data may be compromised, and integrity of control commands could be undermined, risking safety and production continuity. Given the increasing digitization and remote management of industrial environments in Europe, the attack surface is expanding, making such web-based vulnerabilities more critical. The requirement for user interaction means social engineering or phishing campaigns could be used to lure operators into triggering the exploit. Although availability impact is rated low to medium, targeted attacks could cause significant disruption in time-sensitive industrial processes. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often weaponize disclosed vulnerabilities rapidly. Organizations relying on ctrlX OS should consider this vulnerability a medium risk with potential for escalation if combined with other weaknesses or misconfigurations.

1. Immediate mitigation should focus on restricting access to the ctrlX OS web interface to trusted networks and users only, using network segmentation and firewall rules to minimize exposure to the internet or untrusted zones. 2. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious HTTP requests containing script injection patterns targeting error message parameters. 3. Educate operators and administrators about phishing and social engineering risks to reduce the likelihood of user interaction triggering the exploit. 4. Monitor web server logs and application logs for anomalous requests that include suspicious payloads or unusual error message patterns indicative of attempted injection. 5. Implement Content Security Policy (CSP) headers on the web application to restrict execution of unauthorized scripts in browsers, mitigating the impact of XSS attacks. 6. Regularly review and update authentication and session management controls to limit the damage from stolen session tokens. 7. Engage with Bosch Rexroth support channels to obtain patches or official guidance as soon as they become available, and plan for timely deployment of updates. 8. Conduct internal penetration testing and vulnerability assessments focusing on the ctrlX OS web interface to identify and remediate similar injection points. 9. Where possible, disable or limit error message detail exposure to end users to reduce the attack surface for injection.