
CVE-2025-24349: CWE-183 Permissive List of Allowed Inputs in Bosch Rexroth AG ctrlX OS - Device Admin

Severity: High
Tags: vulnerability, CVE-2025-24349, CWE-183
Published: Wed Apr 30 2025 (04/30/2025, 11:44:33 UTC)
Source: CVE
Vendor/Project: Bosch Rexroth AG
Product: ctrlX OS - Device Admin

Description

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request.

AI-Powered Analysis

Last updated: 06/25/2025, 06:35:24 UTC

Technical Analysis

CVE-2025-24349 is a high-severity vulnerability in the "Network Interfaces" functionality of the web application component of Bosch Rexroth AG's ctrlX OS - Device Admin. The root cause is a permissive list of allowed inputs (CWE-183): the validation applied to the interface-deletion request accepts more interface identifiers than it should, so a remote attacker with a low-privileged authenticated account can send a crafted HTTP request that deletes the configuration of a physical network interface, which the allowlist should have excluded. The affected versions listed are 1.12.0, 1.20.0 and 2.6.0 of ctrlX OS - Device Admin.

Exploitation requires no user interaction but does require authentication with low privileges, so the attacker must already hold, or have stolen, credentials for the Device Admin web interface. The CVSS v3.1 base score is 7.1 (high), which is consistent with a network attack vector, low attack complexity, low privileges, no user interaction, no confidentiality impact, low integrity impact and high availability impact. In practice the consequence is loss of connectivity: removing the configuration of a physical interface can take the device off the network and cut it off from the very management path that would be used to repair it.

No exploits are known in the wild and no patches are linked in this entry yet, so mitigation may have to rely on compensating controls until an official fix is released. The issue is particularly serious in the industrial and automation environments where ctrlX OS is deployed, because a network outage on a controller can translate directly into operational disruption and safety risk.
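The CWE-183 pattern described above, as an added illustrative reconstruction (this is example code written for this page, not ctrlX OS source; the handler names, the request shape and the interface inventory are assumptions). The permissive variant only checks that the requested name is well formed and exists, so a physical NIC passes; the hardened variant computes the allowlist from what the caller may actually delete.

```python
"""CWE-183 (permissive allowlist) in an interface-deletion handler.

Added example, not ctrlX OS code. The inventory, the request dict layout and
the role names are constructed assumptions used to show the pattern.
"""
import re


def sample_inventory() -> dict:
    """Constructed device inventory. Physical NICs exist because of the hardware
    and must never be deleted through the web API; virtual ones are user-created."""
    return {
        "eth0":     {"kind": "physical", "config": {"addr": "192.0.2.10/24"}},
        "eth1":     {"kind": "physical", "config": {"addr": "198.51.100.10/24"}},
        "br0":      {"kind": "virtual",  "config": {"members": ["eth1"]}},
        "eth0.100": {"kind": "virtual",  "config": {"vlan": 100, "parent": "eth0"}},
    }


class InterfaceDeleteError(Exception):
    """Raised when a deletion request is rejected."""


# Linux interface names: at most 15 characters, no whitespace or '/'.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,15}$")


def delete_interface_permissive(inventory: dict, name: str) -> dict:
    """Vulnerable variant. The allowlist is 'any well-formed name that exists'.
    That says nothing about which KIND of interface may be removed, so "eth0"
    is accepted and its configuration is dropped. Returns the removed config."""
    if not NAME_RE.fullmatch(name):
        raise InterfaceDeleteError(f"malformed interface name: {name!r}")
    if name not in inventory:
        raise InterfaceDeleteError(f"no such interface: {name!r}")
    return inventory.pop(name)["config"]


def delete_interface_strict(inventory: dict, name: str) -> dict:
    """Hardened variant. The allowlist is the set of interfaces the caller is
    permitted to remove, derived from the inventory rather than from the
    request. Physical interfaces are never in that set."""
    if not NAME_RE.fullmatch(name):
        raise InterfaceDeleteError(f"malformed interface name: {name!r}")
    deletable = {n for n, meta in inventory.items() if meta["kind"] == "virtual"}
    if name not in deletable:
        # Same error for "physical" and "unknown": the API should not let a
        # low-privileged caller enumerate the NICs by probing error messages.
        raise InterfaceDeleteError(f"interface not deletable: {name!r}")
    return inventory.pop(name)["config"]


def handle_delete_request(inventory: dict, request: dict, handler) -> tuple:
    """Minimal stand-in for the web layer (assumed shape: a dict with the
    caller's role and the target interface). Returns (http_status, message)."""
    if request.get("role") not in {"operator", "admin"}:
        return 401, "authentication required"
    try:
        handler(inventory, request["interface"])
    except InterfaceDeleteError as exc:
        return 400, str(exc)
    return 200, f"deleted {request['interface']}"


if __name__ == "__main__":
    crafted = {"role": "operator", "interface": "eth0"}  # low-privileged caller
    for label, handler in (("permissive", delete_interface_permissive),
                           ("strict", delete_interface_strict)):
        inv = sample_inventory()
        status, msg = handle_delete_request(inv, crafted, handler)
        print(f"{label:10s} -> {status} {msg}; eth0 still present: {'eth0' in inv}")
```

The point of the strict variant is that the decision is made against a server-side set of deletable objects, not against a syntax check on the attacker-controlled name; a syntax regex is necessary but is not an authorization allowlist.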

Potential Impact

For European organizations, especially those in industrial automation, manufacturing and critical infrastructure, this vulnerability poses a significant risk. Bosch Rexroth's ctrlX OS is widely used in industrial control systems (ICS) and automation solutions across Europe. Exploitation can deny network service on the affected device, causing operational downtime, loss of control over industrial processes and potential safety hazards. Deleting a physical interface configuration can also isolate the device from its management systems, which complicates incident response and recovery because the usual remote path to the device is the one that was just removed. Given the reliance on these systems in sectors such as automotive manufacturing, energy and transportation, the impact could extend to supply chain interruptions and critical infrastructure degradation. Because only low-privileged authentication is required, an insider or an attacker holding compromised operator credentials is enough to trigger it. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the urgency of addressing this issue.

Mitigation Recommendations

1. Restrict access to the ctrlX OS Device Admin web interface to trusted internal networks and implement strong network segmentation to limit exposure.
2. Enforce strict authentication policies, including multi-factor authentication (MFA), so that stolen or guessed credentials alone are not enough to reach the interface. MFA does not address misuse by a legitimate low-privileged user; that is covered by item 4.
3. Monitor and audit all access to the Device Admin interface, focusing on configuration changes to network interfaces, and in particular on any deletion or modification that targets a physical interface.
4. Implement role-based access control (RBAC) to minimize the number of accounts that can modify network settings at all.
5. Until an official patch is released, consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules that detect and block requests to the network interface functionality which name a physical interface. Scope such rules to the deletion request and test them against normal administrative traffic so they do not block legitimate changes.
6. Regularly back up network interface configurations and device settings so that a deleted configuration can be restored quickly, and keep an out-of-band (console or local) path to the device, since the network path may be what the attacker removes.
7. Coordinate with Bosch Rexroth for timely updates and apply patches as soon as they become available.
8. Conduct security awareness training for personnel with access to ctrlX OS so they recognize and report suspicious activity.
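Items 3 and 5 above call for detecting mutating requests against the network interface functionality that name a physical interface. The following is an added example of that detection logic run over constructed audit log lines; it is not ctrlX OS output or a vendor-supplied rule. The key=value log layout, the field names, the `/network/interfaces/...` path and the physical-name heuristic are all assumptions; adapt the regular expressions to the real log source and endpoint before use.

```python
"""Detection of network-interface configuration changes that target physical
interfaces, over constructed log lines.

Added example, not ctrlX OS code or logs. The log format, path and interface
naming heuristic are assumptions for the example.
"""
import re
from collections import Counter
from typing import List, Optional

# Constructed sample log (NOT real device output).
SAMPLE_LOG = """\
2025-04-30T11:40:02Z src=10.0.5.23 user=maint role=operator method=GET path=/network/interfaces status=200
2025-04-30T11:41:10Z src=10.0.5.23 user=maint role=operator method=DELETE path=/network/interfaces/br0 status=200
2025-04-30T11:44:33Z src=10.0.5.23 user=maint role=operator method=DELETE path=/network/interfaces/eth0 status=200
2025-04-30T11:44:34Z src=10.0.5.23 user=maint role=operator method=DELETE path=/network/interfaces/eth1 status=200
2025-04-30T11:50:00Z src=10.0.9.7  user=admin role=admin method=PUT path=/network/interfaces/eth1 status=200
2025-04-30T11:51:00Z src=10.0.9.7  user=admin role=admin method=POST path=/users status=201
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+role=(?P<role>\S+)"
    r"\s+method=(?P<method>\S+)\s+path=(?P<path>\S+)\s+status=(?P<status>\d+)$"
)
# Assumed endpoint shape: /network/interfaces/<name>
IFACE_PATH_RE = re.compile(r"^/network/interfaces/(?P<iface>[^/?]+)")
# Heuristic for physical NIC names (eth0, enp3s0, wlan0). VLANs such as
# "eth0.100" and bridges such as "br0" deliberately do not match.
PHYSICAL_NAME_RE = re.compile(r"^(eth\d+|en[ospx]\w*|wlan\d+)$")
MUTATING = {"DELETE", "PUT", "POST", "PATCH"}


def parse_line(line: str) -> Optional[dict]:
    """Parse one key=value log line; None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(log_text: str) -> List[dict]:
    """Return alerts for mutating requests aimed at physical interfaces.

    Rule physical-interface-change: any DELETE/PUT/POST/PATCH on a physical
    interface; high severity when the caller is not an admin, medium otherwise
    (admins change NICs legitimately, but it is still worth auditing).
    Rule bulk-physical-delete: the same source and user deleting two or more
    physical interfaces, which looks like an attempt to take the device off-net.
    """
    alerts: List[dict] = []
    deletes_by_actor: Counter = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["method"] not in MUTATING:
            continue
        m = IFACE_PATH_RE.match(ev["path"])
        if not m or not PHYSICAL_NAME_RE.match(m["iface"]):
            continue  # not the interface endpoint, or a user-created virtual interface
        alerts.append({
            "rule": "physical-interface-change",
            "severity": "high" if ev["role"] != "admin" else "medium",
            "ts": ev["ts"], "src": ev["src"], "user": ev["user"],
            "method": ev["method"], "interface": m["iface"], "status": ev["status"],
        })
        if ev["method"] == "DELETE":
            deletes_by_actor[(ev["src"], ev["user"])] += 1
    for (src, user), n in deletes_by_actor.items():
        if n >= 2:
            alerts.append({"rule": "bulk-physical-delete", "severity": "high",
                           "src": src, "user": user, "count": n})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Keeping the physical-name check as a maintained list (or a lookup against the device's own inventory) rather than a regex is preferable where that inventory is available to the monitoring system; the regex is only a portable approximation for the example.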


Technical Details

Data Version
5.1
Assigner Short Name
bosch
Date Reserved
2025-01-20T15:09:10.534Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d983bc4522896dcbee196

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 6/25/2025, 6:35:24 AM

Last updated: 8/17/2025, 4:23:49 PM
