CVE-2025-24340
📋 TL;DR
A vulnerability in ctrlX OS allows authenticated low-privileged users to recover plaintext passwords of other users from the users configuration file. This affects systems running vulnerable versions of ctrlX OS where attackers have valid low-privileged credentials.
💻 Affected Systems
- Bosch Rexroth ctrlX OS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to the system, potentially leading to full system compromise, data theft, or disruption of industrial operations.
Likely Case
Attackers escalate privileges to access sensitive functions or data they shouldn't have access to, potentially modifying configurations or accessing proprietary information.
If Mitigated
Limited impact due to network segmentation, strong authentication controls, and monitoring that detects unusual access patterns.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ctrlX OS 2.0.0 or later
Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Download ctrlX OS 2.0.0 or later from official Bosch Rexroth sources.
3. Apply the update following the vendor documentation.
4. Restart the system.
5. Verify that the update was successful.
🔧 Temporary Workarounds
Restrict Access to User Configuration Files
Limit file system permissions so that low-privileged users cannot read sensitive configuration files (the path below is a placeholder; substitute the actual location of the users configuration file on your system).
chmod 600 /path/to/users/config/file
chown root:root /path/to/users/config/file
Implement Network Segmentation
Isolate ctrlX OS systems from general network access to reduce the attack surface.
🧯 If You Can't Patch
- Implement strict access controls and monitoring for user configuration file access.
- Regularly rotate all user passwords and implement multi-factor authentication where possible.
🔍 How to Verify
Check if Vulnerable:
Check ctrlX OS version via system settings or command line. Versions before 2.0.0 are vulnerable.
Check Version:
grep VERSION /etc/os-release
Verify Fix Applied:
Verify system is running ctrlX OS 2.0.0 or later and test that low-privileged users cannot access other users' password data.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to user configuration files
- Multiple failed authentication attempts followed by successful login
- User privilege escalation events
Network Indicators:
- Unexpected connections to ctrlX OS management interfaces
- Traffic patterns suggesting credential harvesting
SIEM Query:
source="ctrlx-os" AND ((event="file_access" AND file_path="*users*config*") OR (event="auth" AND result="success" AND user="low_privilege"))