CVE-2025-24349 is a high-severity vulnerability identified in the "Network Interfaces" functionality of the web application component of Bosch Rexroth AG's ctrlX OS - Device Admin. The vulnerability stems from a permissive list of allowed inputs (CWE-183), which enables a remote attacker with low-privileged authenticated access to send specially crafted HTTP requests that can delete the configuration of physical network interfaces on the affected device. The affected versions include 1.12.0, 1.20.0, and 2.6.0 of ctrlX OS - Device Admin. The vulnerability does not require user interaction but does require authentication with low privileges, which implies that an attacker must have some level of access credentials to exploit it. The CVSS v3.1 base score is 7.1, reflecting a high severity due to the network attack vector, low attack complexity, and the significant impact on availability (deletion of network interface configurations can cause network outages). The vulnerability does not impact confidentiality but affects integrity and availability, as the attacker can disrupt network connectivity by removing interface configurations. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that mitigation may rely on compensating controls until an official fix is released. The vulnerability is particularly critical in industrial and automation environments where ctrlX OS is deployed, as network interface misconfigurations can lead to operational disruptions and safety risks.

For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a significant risk. Bosch Rexroth's ctrlX OS is widely used in industrial control systems (ICS) and automation solutions across Europe. Exploitation could lead to denial of network services on affected devices, causing operational downtime, loss of control over industrial processes, and potential safety hazards. The disruption of network interfaces can isolate devices from management systems, complicating incident response and recovery. Given the reliance on these systems in sectors such as automotive manufacturing, energy, and transportation, the impact could extend to supply chain interruptions and critical infrastructure degradation. Furthermore, since the vulnerability requires low-privileged authentication, insider threats or compromised credentials could be leveraged by attackers to cause significant damage. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the urgency of addressing this issue.

1. Restrict access to the ctrlX OS Device Admin web interface to trusted internal networks and implement strong network segmentation to limit exposure. 2. Enforce strict authentication policies, including multi-factor authentication (MFA), to reduce the risk of credential compromise or misuse by low-privileged users. 3. Monitor and audit all access to the Device Admin interface, focusing on unusual or unauthorized configuration changes to network interfaces. 4. Implement role-based access control (RBAC) to minimize the number of users with permissions to modify network settings. 5. Until an official patch is released, consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block suspicious HTTP requests targeting network interface configurations. 6. Regularly back up network interface configurations and device settings to enable rapid restoration in case of malicious deletion. 7. Coordinate with Bosch Rexroth for timely updates and apply patches as soon as they become available. 8. Conduct security awareness training for personnel with access to ctrlX OS to recognize and report suspicious activities.