{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24343", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2025-01-20T15:09:10.532Z", "datePublished": "2025-04-30T11:26:51.681Z", "dateUpdated": "2025-04-30T15:07:05.596Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2025-04-30T11:26:51.681Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request."}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX OS - Solutions", "versions": [{"version": "1.12.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "1.12.1"}, {"version": "1.20.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "1.20.1"}, {"version": "2.6.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "2.6.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-23 Relative Path Traversal", "cweId": "CWE-23"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T15:06:49.455305Z", "id": "CVE-2025-24343", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T15:07:05.596Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24343", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-30T15:06:49.455305Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T15:07:00.494Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX OS - Solutions", "versions": [{"status": "affected", "version": "1.12.0", "versionType": "custom", "lessThanOrEqual": "1.12.1"}, {"status": "affected", "version": "1.20.0", "versionType": "custom", "lessThanOrEqual": "1.20.1"}, {"status": "affected", "version": "2.6.0", "versionType": "custom", "lessThanOrEqual": "2.6.0"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal"}]}], "providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2025-04-30T11:26:51.681Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24343", "state": "PUBLISHED", "dateUpdated": "2025-04-30T15:07:05.596Z", "dateReserved": "2025-01-20T15:09:10.532Z", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "datePublished": "2025-04-30T11:26:51.681Z", "assignerShortName": "bosch"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad \u201cAdministra datos de la aplicaci\u00f3n\u201d de la aplicaci\u00f3n web de ctrlX OS permite que un atacante remoto autenticado (con privilegios bajos) escriba archivos arbitrarios en rutas arbitrarias del sistema de archivos a trav\u00e9s de una solicitud HTTP manipulada."}], "id": "CVE-2025-24343", "lastModified": "2025-05-02T13:53:40.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2025-04-30T12:15:17.903", "references": [{"source": "psirt@bosch.com", "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "psirt@bosch.com", "type": "Secondary"}]}

{}