CVE-2025-24345
📋 TL;DR
A vulnerability in the Hosts functionality of ctrlX OS web application allows authenticated low-privileged attackers to manipulate the system's hosts file via crafted HTTP requests. This affects ctrlX OS installations with web interface access. Attackers could redirect network traffic or disrupt name resolution.
💻 Affected Systems
- Bosch Rexroth ctrlX OS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers redirect critical system traffic to malicious servers, enabling credential theft, man-in-the-middle attacks, or service disruption across the network.
Likely Case
Local network disruption, DNS redirection for specific services, or denial of service through incorrect host resolution.
If Mitigated
Limited impact with proper network segmentation and monitoring; attackers can only affect local system resolution.
🎯 Exploit Status
Exploitation requires authenticated access but involves simple HTTP request manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0
Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Download ctrlX OS 2.0.0 from the official Bosch Rexroth portal.
3. Apply the update via the ctrlX OS management interface.
4. Restart the system.
5. Verify that hosts file permissions are properly restricted.
🔧 Temporary Workarounds
Restrict Web Interface Access
Limit access to the ctrlX OS web interface to trusted networks only
Configure firewall rules to restrict access to ctrlX web ports (typically 443)
Implement Least Privilege
Review and restrict user accounts to the minimum necessary privileges
Review user roles in ctrlX OS administration interface
Remove unnecessary low-privileged accounts
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ctrlX OS systems from critical networks
- Deploy host-based monitoring to detect unauthorized modifications to /etc/hosts file
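One way to implement the host-based monitoring recommended above, as an added example that is not part of this advisory or of ctrlX OS: keep a reviewed baseline of the hosts file, compare the current content against it by hash, and when it differs report which hostnames were added, removed or redirected. The two hosts-file contents below are constructed for the example so it runs offline; on a live system the same functions would be fed the contents of /etc/hosts.

```python
"""Baseline-and-diff check for a hosts file (added example, not advisory code).

Detects the unauthorised edits described in the advisory: a changed hash,
plus the specific hostnames whose resolution was added, removed or changed.
"""
import hashlib
import ipaddress

# Constructed baseline: the hosts file as it looked when it was last reviewed.
BASELINE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
192.0.2.10  plc-gateway.example.internal
"""

# Constructed "current" content: one entry redirected, one entry added.
TAMPERED_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
198.51.100.7  plc-gateway.example.internal   # redirected
198.51.100.7  update.example.internal
"""


def hosts_fingerprint(text: str) -> str:
    """SHA-256 of the file content, to compare against a stored baseline."""
    return hashlib.sha256(text.encode()).hexdigest()


def parse_hosts(text: str) -> dict:
    """Map each hostname to the set of addresses the file assigns it.

    Comments and blank lines are ignored; lines whose first field is not a
    valid IP address are skipped rather than guessed at.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), set()).add(addr)
    return mapping


def diff_hosts(baseline_text: str, current_text: str) -> dict:
    """Return the hostnames added, removed, or re-pointed since the baseline."""
    base, cur = parse_hosts(baseline_text), parse_hosts(current_text)
    return {
        "added": sorted(n for n in cur if n not in base),
        "removed": sorted(n for n in base if n not in cur),
        "changed": sorted(n for n in cur if n in base and cur[n] != base[n]),
    }


def check_hosts(baseline_text: str, current_text: str) -> list:
    """Produce alert strings; an empty list means no change was detected."""
    alerts = []
    if hosts_fingerprint(baseline_text) != hosts_fingerprint(current_text):
        alerts.append("hosts file hash differs from baseline")
        current = parse_hosts(current_text)
        d = diff_hosts(baseline_text, current_text)
        for name in d["changed"]:
            alerts.append(f"{name}: now resolves to {sorted(current[name])}")
        for name in d["added"]:
            alerts.append(f"new entry for {name}")
        for name in d["removed"]:
            alerts.append(f"entry for {name} removed")
    return alerts


if __name__ == "__main__":
    for alert in check_hosts(BASELINE_HOSTS, TAMPERED_HOSTS):
        print("ALERT:", alert)
```

The hash comparison is the cheap first check; the per-hostname diff is what makes an alert actionable, because a redirected gateway or update host is a much stronger signal than a cosmetic edit. Run it from a scheduled job or a file-integrity agent and store the baseline somewhere the low-privileged web account cannot write to.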
🔍 How to Verify
Check if Vulnerable:
Check the ctrlX OS version via the web interface or CLI: if the version is below 2.0.0, the system is vulnerable.
Check Version:
ssh admin@ctrlx-ip 'cat /etc/ctrlx-version', or open System Information in the web interface
Verify Fix Applied:
Verify version is 2.0.0 or higher and test that low-privileged users cannot modify hosts file via web interface.
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP POST/PUT requests to hosts-related endpoints
- Multiple failed authentication attempts followed by successful low-privileged login
Network Indicators:
- Unexpected DNS resolution changes from ctrlX systems
- Traffic redirection to unusual IP addresses
SIEM Query:
source="ctrlx-os" AND (uri_path="/api/hosts" OR uri_path CONTAINS "hosts") AND http_method IN ("POST", "PUT", "DELETE")
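The SIEM query above expressed as detection logic over raw access-log lines, as an added example that is not part of this advisory or of ctrlX OS. It assumes the web server writes combined-format access logs; the log lines, user names, addresses and the non-root hosts paths below are constructed for the example (the advisory itself only names /api/hosts). The match rule mirrors the query: a POST, PUT or DELETE whose path contains "hosts".

```python
"""Flag write requests to hosts-related endpoints in access logs (added example)."""
import re
from collections import Counter

# Constructed sample log lines in combined log format. Users, source
# addresses and all paths other than /api/hosts are made up for this example.
SAMPLE_LOG = """\
203.0.113.5 - operator1 [12/Mar/2025:10:14:02 +0000] "POST /api/hosts HTTP/1.1" 200 123
203.0.113.5 - operator1 [12/Mar/2025:10:14:10 +0000] "GET /api/hosts HTTP/1.1" 200 456
203.0.113.9 - svc_user [12/Mar/2025:10:15:44 +0000] "PUT /api/v1/system/hosts/entries HTTP/1.1" 204 0
203.0.113.9 - - [12/Mar/2025:10:15:50 +0000] "DELETE /api/hosts/3 HTTP/1.1" 401 0
198.51.100.2 - admin [12/Mar/2025:10:16:00 +0000] "POST /api/login HTTP/1.1" 200 88
"""

# Combined log format: src ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Same method set as the advisory's SIEM query.
WRITE_METHODS = {"POST", "PUT", "DELETE"}


def parse_line(line: str):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_hosts_write(rec: dict) -> bool:
    """True for a modifying request to any path containing 'hosts'."""
    return rec["method"] in WRITE_METHODS and "hosts" in rec["path"].lower()


def find_hosts_writes(log_text: str) -> list:
    """Return every parsed record that the detection rule matches."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_hosts_write(rec):
            hits.append(rec)
    return hits


def summarise_by_user(hits: list) -> Counter:
    """Count matching requests per authenticated user ('-' means unauthenticated)."""
    return Counter(h["user"] for h in hits)


if __name__ == "__main__":
    matches = find_hosts_writes(SAMPLE_LOG)
    for h in matches:
        print(f"{h['ts']} {h['src']} user={h['user']} "
              f"{h['method']} {h['path']} -> {h['status']}")
    print("per user:", dict(summarise_by_user(matches)))
```

Failed attempts (the 401 above) are kept deliberately: on a patched system a low-privileged user who keeps trying is itself worth a ticket. Tune the path test to your instance's real endpoint list once you have it, since a bare substring match will also catch unrelated paths that happen to contain the word.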