{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48861", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2025-05-27T10:45:32.638Z", "datePublished": "2025-08-14T09:07:24.465Z", "dateUpdated": "2025-08-14T15:47:23.792Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2025-08-14T09:07:24.465Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed\u00a0a remote, unauthenticated attacker to access and extract internal application data,\u00a0including potential debug logs and the version of installed apps."}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX OS - Setup", "versions": [{"version": "1.20.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "1.20.1"}, {"version": "2.6.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "2.6.1"}, {"version": "3.6.0", "status": "affected", "versionType": "custom", "lessThanOrEqual": "3.6.2"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T15:46:48.369443Z", "id": "CVE-2025-48861", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T15:47:23.792Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48861", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-14T15:46:48.369443Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T15:47:17.097Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX OS - Setup", "versions": [{"status": "affected", "version": "1.20.0", "versionType": "custom", "lessThanOrEqual": "1.20.1"}, {"status": "affected", "version": "2.6.0", "versionType": "custom", "lessThanOrEqual": "2.6.1"}, {"status": "affected", "version": "3.6.0", "versionType": "custom", "lessThanOrEqual": "3.6.2"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed\u00a0a remote, unauthenticated attacker to access and extract internal application data,\u00a0including potential debug logs and the version of installed apps."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2025-08-14T09:07:24.465Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48861", "state": "PUBLISHED", "dateUpdated": "2025-08-14T15:47:23.792Z", "dateReserved": "2025-05-27T10:45:32.638Z", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "datePublished": "2025-08-14T09:07:24.465Z", "assignerShortName": "bosch"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed\u00a0a remote, unauthenticated attacker to access and extract internal application data,\u00a0including potential debug logs and the version of installed apps."}, {"lang": "es", "value": "Una vulnerabilidad en el endpoint de la API de tareas del mecanismo ctrlX OS setup permiti\u00f3 a un atacante remoto no autenticado acceder y extraer datos internos de la aplicaci\u00f3n, incluidos posibles registros de depuraci\u00f3n y la versi\u00f3n de las aplicaciones instaladas."}], "id": "CVE-2025-48861", "lastModified": "2025-08-14T13:11:53.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-14T09:15:26.107", "references": [{"source": "[email protected]", "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "[email protected]", "type": "Secondary"}]}

{}