CVE-2025-24350: CWE-23 Relative Path Traversal in Bosch Rexroth AG ctrlX OS - Device Admin
A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.
AI Analysis
Technical Summary
CVE-2025-24350 is a high-severity vulnerability identified in Bosch Rexroth AG's ctrlX OS - Device Admin web application, specifically within the "Certificates and Keys" functionality. The flaw is classified as a CWE-23 Relative Path Traversal vulnerability. It allows a remote attacker with low-privileged authenticated access to craft HTTP requests that manipulate file paths, enabling the attacker to write arbitrary certificate files to arbitrary locations on the device's file system. This can lead to unauthorized modification of system files or insertion of malicious certificates, potentially undermining system integrity and availability. The vulnerability affects multiple versions of ctrlX OS - Device Admin, including 1.12.0, 1.20.0, and 2.6.0. The CVSS v3.1 base score is 7.1, indicating high severity, with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H. This means the attack can be performed remotely over the network with low attack complexity, requiring low privileges but no user interaction. The impact primarily affects integrity and availability, as confidentiality is not directly compromised. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability's exploitation could allow attackers to disrupt device operations or persist by planting malicious certificates, which may be leveraged for further attacks or to bypass security controls within industrial automation environments where ctrlX OS is deployed.
Potential Impact
For European organizations, especially those operating in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a significant risk. ctrlX OS is used in industrial control systems (ICS) and automation devices, which are integral to manufacturing processes and operational technology (OT) environments. Exploitation could lead to system downtime, disruption of production lines, or manipulation of device behavior, impacting operational continuity and safety. The ability to write arbitrary certificates could facilitate man-in-the-middle attacks or unauthorized device control, undermining trust in device communications. Given the increasing digitalization and Industry 4.0 adoption across Europe, such vulnerabilities could have cascading effects on supply chains and critical services. The lack of confidentiality impact reduces the risk of data leakage, but the integrity and availability impacts are critical in industrial contexts where safety and reliability are paramount.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the ctrlX OS - Device Admin web interface to trusted networks and users only, minimizing exposure to potential attackers.
2. Implement strict authentication and authorization controls to limit low-privileged user capabilities, ensuring that only necessary personnel have access to certificate management functions.
3. Monitor and log all certificate-related activities to detect anomalous or unauthorized file writes.
4. Employ network segmentation to isolate industrial control systems from general IT networks, reducing the attack surface.
5. Since no patches are currently available, consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block path traversal attempts targeting the certificate management endpoints.
6. Regularly audit and verify the integrity of certificates and keys on devices to detect unauthorized modifications.
7. Engage with Bosch Rexroth AG for timely updates and patches, and plan for rapid deployment once available.
8. Conduct security awareness training for administrators managing ctrlX OS devices to recognize and respond to suspicious activities related to certificate management.
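As an added example, not code from Bosch Rexroth AG or the ctrlX OS product, the following Python sketch shows the join pattern that CWE-23 describes next to a hardened certificate-store write, together with a small request-target check of the kind mitigation 5 calls for, run over constructed access-log lines. The store layout, the allowed file types, the endpoint path and the log lines are all assumptions made for the illustration.

```python
"""Added illustration for CWE-23 in a certificate-upload handler.
Not ctrlX OS code: the store layout, file names and the access-log lines
below are constructed for the example."""
import os
import re
import tempfile
import urllib.parse
from pathlib import Path

ALLOWED_SUFFIXES = {".crt", ".pem", ".key"}  # hypothetical allow-list


def destination_unsafe(store_dir: str, name: str) -> Path:
    """Vulnerable pattern: the client-chosen name is joined straight into the
    store directory, so a name with '..' components resolves outside it."""
    return Path(os.path.join(store_dir, name)).resolve()


def destination_safe(store_dir: str, name: str) -> Path:
    """Hardened pattern: treat the name as a bare file name, allow-list its
    type, and re-check the resolved path against the store directory."""
    store = Path(store_dir).resolve()
    if not name or name in (".", "..") or any(c in name for c in "/\\\0"):
        raise ValueError("certificate name must be a single file name")
    if name.startswith(".") or Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError("unsupported certificate file name")
    dest = (store / name).resolve()
    if dest.parent != store:  # also catches a symlink planted inside the store
        raise ValueError("destination escapes the certificate store")
    return dest


def store_certificate(store_dir: str, name: str, data: bytes) -> Path:
    """Write an uploaded certificate only after the path check passes."""
    dest = destination_safe(store_dir, name)
    dest.write_bytes(data)
    return dest


def is_traversal_attempt(request_target: str) -> bool:
    """Detection helper for WAF/IPS rules or log review: flag a request target
    whose path or query carries a parent-directory segment, after undoing
    single and double URL-encoding."""
    decoded = request_target
    for _ in range(2):
        decoded = urllib.parse.unquote(decoded)
    segments = re.split(r"[/\\?&=]", decoded)
    return ".." in segments


# Constructed access-log lines; the endpoint path is hypothetical.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - operator [21/May/2025:09:09:15 +0000] "POST /hypothetical/certificates?name=device.crt HTTP/1.1" 200
10.0.0.5 - operator [21/May/2025:09:10:02 +0000] "POST /hypothetical/certificates?name=..%2F..%2Fetc%2Fssl%2Fdevice.crt HTTP/1.1" 200
10.0.0.7 - operator [21/May/2025:09:11:40 +0000] "GET /hypothetical/certificates HTTP/1.1" 200
"""

REQUEST_LINE = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE) (\S+) HTTP/')


def flag_suspicious_requests(log_text: str) -> list:
    """Return the log lines whose request target looks like a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if m and is_traversal_attempt(m.group(1)):
            hits.append(line)
    return hits


def demo() -> dict:
    """Exercise both patterns in a throwaway store and return values to check."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp, "certstore")
        store.mkdir()
        escaped = destination_unsafe(str(store), "../escaped.crt")
        rejected = []
        for bad in ("../escaped.crt", "/etc/ssl/device.crt", "..", ".hidden.crt", "device.txt"):
            try:
                destination_safe(str(store), bad)
            except ValueError:
                rejected.append(bad)
        written = store_certificate(str(store), "device.crt", b"-----BEGIN CERTIFICATE-----\n")
        return {
            "unsafe_escapes_store": store.resolve() not in escaped.parents,
            "rejected": rejected,
            "written_inside_store": written.parent == store.resolve(),
            "flagged_lines": len(flag_suspicious_requests(SAMPLE_ACCESS_LOG)),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened routine deliberately layers two checks: the name is rejected outright if it is anything but a single file name with an allowed extension, and the resolved destination is then compared against the resolved store directory so that a symlink already present in the store cannot redirect the write. The detector decodes twice because a single decode misses double-encoded segments; it is a coarse indicator meant for logging and rule-building (mitigations 3 and 5), not a substitute for fixing the handler.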
Affected Countries
Germany, France, Italy, Netherlands, Belgium, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: bosch
- Date Reserved: 2025-01-20T15:09:10.534Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbee19e
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 6/25/2025, 6:35:12 AM
Last updated: 8/14/2025, 3:16:39 PM