CVE-2025-48862
BaseFortify

Publication date: 2025-08-14

Last updated on: 2025-08-14

Assigner: Robert Bosch GmbH

Description
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.
Meta Information
Published: 2025-08-14
Last Modified: 2025-08-14
Generated: 2026-05-07
AI Q&A: 2025-08-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
bosch | ctrlx_os_setup | *
CWE ID | Description
CWE-311 | The product does not encrypt sensitive or critical information before storage or transmission.
CWE-1104 | The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves ambiguous wording in the web interface of the ctrlX OS setup mechanism. It may mislead users into thinking that the entire backup file is encrypted when a password is set. In reality, only the private key within the backup (if present) is encrypted, while the rest of the backup file remains unencrypted.


How can this vulnerability impact me?

The impact of this vulnerability is that sensitive data contained in the backup file, other than the private key, could be exposed because the backup file itself is not encrypted despite user expectations. This could lead to unauthorized access to unencrypted backup data.

