CVE-2025-24349: CWE-183 Permissive List of Allowed Inputs in Bosch Rexroth AG ctrlX OS - Device Admin
A vulnerability in the "Network Interfaces" functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request.
AI Analysis
Technical Summary
CVE-2025-24349 is a high-severity vulnerability identified in the "Network Interfaces" functionality of the web application component of Bosch Rexroth AG's ctrlX OS - Device Admin. The vulnerability stems from a permissive list of allowed inputs (CWE-183), which enables a remote attacker with low-privileged authenticated access to send specially crafted HTTP requests that can delete the configuration of physical network interfaces on the affected device. The affected versions include 1.12.0, 1.20.0, and 2.6.0 of ctrlX OS - Device Admin. The vulnerability does not require user interaction but does require authentication with low privileges, which implies that an attacker must have some level of access credentials to exploit it. The CVSS v3.1 base score is 7.1, reflecting a high severity due to the network attack vector, low attack complexity, and the significant impact on availability (deletion of network interface configurations can cause network outages). The vulnerability does not impact confidentiality but affects integrity and availability, as the attacker can disrupt network connectivity by removing interface configurations. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that mitigation may rely on compensating controls until an official fix is released. The vulnerability is particularly critical in industrial and automation environments where ctrlX OS is deployed, as network interface misconfigurations can lead to operational disruptions and safety risks.
Potential Impact
For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a significant risk. Bosch Rexroth's ctrlX OS is widely used in industrial control systems (ICS) and automation solutions across Europe. Exploitation could lead to denial of network services on affected devices, causing operational downtime, loss of control over industrial processes, and potential safety hazards. The disruption of network interfaces can isolate devices from management systems, complicating incident response and recovery. Given the reliance on these systems in sectors such as automotive manufacturing, energy, and transportation, the impact could extend to supply chain interruptions and critical infrastructure degradation. Furthermore, since the vulnerability requires low-privileged authentication, insider threats or compromised credentials could be leveraged by attackers to cause significant damage. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the urgency of addressing this issue.
Mitigation Recommendations
1. Restrict access to the ctrlX OS Device Admin web interface to trusted internal networks and implement strong network segmentation to limit exposure.
2. Enforce strict authentication policies, including multi-factor authentication (MFA), to reduce the risk of credential compromise or misuse by low-privileged users.
3. Monitor and audit all access to the Device Admin interface, focusing on unusual or unauthorized configuration changes to network interfaces.
4. Implement role-based access control (RBAC) to minimize the number of users with permissions to modify network settings.
5. Until an official patch is released, consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block suspicious HTTP requests targeting network interface configurations.
6. Regularly back up network interface configurations and device settings to enable rapid restoration in case of malicious deletion.
7. Coordinate with Bosch Rexroth for timely updates and apply patches as soon as they become available.
8. Conduct security awareness training for personnel with access to ctrlX OS to recognize and report suspicious activities.
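The technical summary attributes this issue to CWE-183, an allow-list that admits more inputs than the operation should accept, and recommendations 3 and 4 above call for role-based control and auditing of interface changes. The following is an added illustration of both points, written for this page; it is not ctrlX OS code and does not describe how the Device Admin endpoint is implemented. The interface names, the "admin"/"user" role names, the request shape and the audit-line format are all constructed assumptions.

```python
"""Added illustration of the CWE-183 pattern behind this advisory and of the
RBAC/audit mitigations listed above. Hypothetical code: not ctrlX OS code;
interface names, role names and request shape are assumed."""
from dataclasses import dataclass, field

# Constructed inventory. Physical interfaces carry the device's connectivity
# and may only be deleted by an administrator; virtual ones may be managed by
# ordinary users (an assumed policy, not one stated in the advisory).
PHYSICAL_INTERFACES = frozenset({"eth0", "eth1"})
MANAGEABLE_INTERFACES = frozenset({"vlan10", "vlan20"})
ADMIN_ROLE = "admin"


@dataclass(frozen=True)
class Request:
    user: str
    role: str        # hypothetical role names: "admin" or "user"
    method: str      # HTTP method, e.g. "DELETE"
    interface: str   # interface named in the request


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, req: Request, decision: str) -> None:
        # Constructed audit-line format: user=<u> role=<r> <METHOD> <iface> -> <decision>
        self.entries.append(
            f"user={req.user} role={req.role} {req.method} {req.interface} -> {decision}"
        )


def permissive_authorize(req: Request) -> bool:
    """The weak pattern: the allow-list is 'every interface the device knows',
    so any authenticated user may target a physical interface with DELETE."""
    return req.interface in PHYSICAL_INTERFACES | MANAGEABLE_INTERFACES


def strict_authorize(req: Request) -> bool:
    """Hardened check: exact-match allow-list per operation, and deleting a
    physical interface additionally requires the admin role."""
    if req.method != "DELETE":
        return req.interface in PHYSICAL_INTERFACES | MANAGEABLE_INTERFACES
    if req.interface in PHYSICAL_INTERFACES:
        return req.role == ADMIN_ROLE
    return req.interface in MANAGEABLE_INTERFACES


def handle(req: Request, authorize, log: AuditLog) -> str:
    """Apply the chosen authorization function and record the outcome."""
    decision = "ALLOW" if authorize(req) else "DENY"
    log.record(req, decision)
    return decision


def flag_physical_deletes(log: AuditLog) -> list:
    """Detection helper over the audit trail: every entry in which a non-admin
    attempted to delete a physical interface, whether allowed or denied."""
    hits = []
    for entry in log.entries:
        parts = entry.split()
        role = parts[1].split("=", 1)[1]
        method, iface = parts[2], parts[3]
        if method == "DELETE" and iface in PHYSICAL_INTERFACES and role != ADMIN_ROLE:
            hits.append(entry)
    return hits


def demo() -> dict:
    """Run a constructed low-privileged DELETE against both checks."""
    low_priv_delete = Request("operator1", "user", "DELETE", "eth0")
    admin_delete = Request("admin1", "admin", "DELETE", "eth0")
    weak_log, hard_log = AuditLog(), AuditLog()
    return {
        "weak": handle(low_priv_delete, permissive_authorize, weak_log),
        "hardened": handle(low_priv_delete, strict_authorize, hard_log),
        "admin": handle(admin_delete, strict_authorize, hard_log),
        "flagged": len(flag_physical_deletes(hard_log)),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the contrast is that membership in "interfaces known to the device" is not an authorization decision: the strict check separates which inputs are valid for an operation from who may perform that operation, and the audit helper makes an attempted physical-interface deletion by a low-privileged account visible even when it was denied.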
Affected Countries
Germany, France, Italy, Netherlands, Belgium, Sweden, Finland, Poland, Czech Republic, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: bosch
- Date Reserved: 2025-01-20T15:09:10.534Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbee196
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 6/25/2025, 6:35:24 AM
Last updated: 7/31/2025, 9:50:56 PM