CVE-2025-48860: CWE-284 Improper Access Control in Bosch Rexroth AG ctrlX OS - Setup
A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data.
AI Analysis
Technical Summary
CVE-2025-48860 is a vulnerability in the web application of the setup mechanism of Bosch Rexroth AG's ctrlX OS; the analysis lists versions 1.20.0, 2.6.0 and 3.6.0 as affected. The flaw is improper access control (CWE-284): an attacker holding a low-privileged authenticated account can remotely retrieve backup archives that were created by a user with elevated permissions. Depending on what was backed up, such an archive may contain configuration data or credentials, so the direct effect is a confidentiality breach; integrity and availability impact follow only indirectly, through whatever the attacker can do with the recovered material. Exploitation requires low-privileged authentication and user interaction, but no elevated privileges. The CVSS v3.1 base score of 8.0 combines a network attack vector, low attack complexity, low privileges required, required user interaction and high confidentiality, integrity and availability impact. No exploits are known in the wild, but the nature of the exposed data and the role of ctrlX OS in industrial automation make the risk significant: recovered credentials or configuration can support lateral movement, data exfiltration or disruption of industrial control systems. At the time of this analysis Bosch Rexroth had not published patches, so mitigation relies on access restriction and monitoring.
Potential Impact
The impact of CVE-2025-48860 is substantial for organizations running Bosch Rexroth ctrlX OS in industrial automation and manufacturing. A backup archive taken by an administrator can hold device configuration and credentials; reading it from a low-privileged account is a confidentiality breach that gives an attacker the material to plan further attacks or sabotage. Integrity is affected if credentials recovered from the archive let the attacker change system configuration, and availability if those changes or interference with backup and restore processes disrupt the controller. Credentials reused across devices also make lateral movement through the automation network easier. Because ctrlX OS controls industrial machinery, exploitation can lead to operational disruption, safety hazards and financial loss. Only a low-privileged account is needed, which lowers the bar for exploitation: a single compromised low-privileged login is sufficient. Organizations that rely on Bosch Rexroth automation remain exposed until fixed versions are released and applied.
Mitigation Recommendations
To mitigate CVE-2025-48860, organizations should take the following measures:
1) Restrict access to the ctrlX OS setup web interface to trusted administrator workstations or a management network, using network segmentation and firewall rules. The flaw needs an authenticated account, so removing reachability for everyone else removes most of the exposure.
2) Review every low-privileged account on affected controllers: remove accounts that are no longer needed, avoid shared or default credentials, and limit which roles can reach the setup mechanism at all.
3) Monitor access logs and network traffic for backup archives being retrieved by accounts that are not expected to hold them, and for backup or setup endpoints being accessed from unexpected hosts.
4) Until a fix is available, create backups only when needed and delete archives from the device once they have been moved to a protected store, so that there is nothing for a low-privileged account to fetch.
5) Coordinate with Bosch Rexroth for updates and apply the fixed versions as soon as they are released.
6) Treat existing backup archives as potentially exposed: check what they contain, and rotate any credentials or keys found in them if a low-privileged account could have reached the device while it ran an affected version.
7) Educate users about social engineering and phishing that could compromise a low-privileged account, since that is all the attacker needs.
8) Use intrusion detection tuned for industrial control environments to spot the lateral movement that follows a compromise.
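One way to act on recommendation 3, as an added example that is not part of the page or of any Bosch Rexroth tooling: a small detector that scans web access logs for backup archives served to accounts not expected to have them. The log line format, the path pattern for archive downloads, the account names and the sample lines are all constructed for the example; ctrlX OS's real log format and backup endpoint are not given on the page, so both parse_line() and BACKUP_PATH_RE are assumptions to replace with what the device actually emits.

```python
"""Flag backup archives served to accounts that should not have them.

Added example for recommendation 3 above; not code from the page, from
OffSeq or from Bosch Rexroth. Log format, path pattern, role table and
sample lines are all constructed for the example (ctrlX OS's real log
format and backup endpoint are not given on the page).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed line format: "<timestamp> user=<account> <METHOD> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Assumed path shape for archive retrieval; replace with the real endpoint.
BACKUP_PATH_RE = re.compile(
    r"/(backups?|archives?)(/|\?|$)|\.(tar|tgz|zip|bak)(\?|$)", re.IGNORECASE
)

# Constructed role table: only these accounts are expected to fetch backups.
PRIVILEGED = frozenset({"admin", "maintenance"})


@dataclass
class Finding:
    ts: str
    user: str
    path: str
    status: int
    severity: str  # "high": archive was served; "low": request was refused


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for lines not in the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyse(lines: Iterable[str], privileged=PRIVILEGED) -> List[Finding]:
    """Return one Finding per GET of a backup archive by a non-privileged account.

    A 2xx response means the device handed the archive over, which on an
    affected version is exactly the behaviour the CVE describes, so it is
    rated high. A 4xx means the control held and is kept only as context.
    """
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        if not BACKUP_PATH_RE.search(rec["path"]):
            continue
        if rec["user"] in privileged:
            continue
        severity = "high" if 200 <= rec["status"] < 300 else "low"
        findings.append(Finding(rec["ts"], rec["user"], rec["path"], rec["status"], severity))
    return findings


# Constructed sample log: an admin creates and fetches a backup, then a
# low-privileged operator fetches the same archive successfully and a
# guest account is refused.
SAMPLE_LOG = [
    "2025-06-01T08:00:01Z user=admin POST /setup/backups 201",
    "2025-06-01T08:01:12Z user=admin GET /setup/backups/2025-06-01.tgz 200",
    "2025-06-01T08:15:40Z user=operator GET /status 200",
    "2025-06-01T08:16:02Z user=operator GET /setup/backups/2025-06-01.tgz 200",
    "2025-06-01T08:16:30Z user=guest GET /setup/backups/2025-06-01.tgz 403",
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.severity}] {f.ts} {f.user} {f.path} -> {f.status}")
```

The role table is the part that needs care in practice: it should come from the device's actual user list, and a "high" finding against an affected version is a reason to treat the archive contents as exposed (recommendation 6), not just to open a ticket.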
Affected Countries
Germany, United States, China, Japan, South Korea, France, Italy, United Kingdom, Canada, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: bosch
- Date Reserved: 2025-05-27T10:45:32.638Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689da9bdad5a09ad00592733
Added to database: 8/14/2025, 9:17:49 AM
Last enriched: 2/27/2026, 2:54:58 AM
Last updated: 3/22/2026, 8:02:21 AM