CVE-2025-48860
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-14

Last updated on: 2025-08-14

Assigner: Robert Bosch GmbH

Description
A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-14
Last Modified
2025-08-14
Generated
2026-05-07
AI Q&A
2025-08-14
EPSS Evaluated
2026-05-05
NVD
CVE-2025-48860
EUVD
EUVD-2025-24681
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bosch ctrlx_os *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the web application of the ctrlX OS setup mechanism, where an authenticated attacker with low privileges can gain remote access to backup archives created by a user with higher permissions. This means that the attacker can potentially access sensitive data contained within those backup archives.


How can this vulnerability impact me? :

The vulnerability can allow an attacker with low privileges to remotely access backup archives that may contain sensitive data. This could lead to unauthorized disclosure of confidential information, potentially causing data breaches and compromising system integrity and availability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart