CVE-2025-24351
📋 TL;DR
A remote authenticated attacker with low privileges can execute arbitrary operating system commands as root on affected ctrlX OS systems via crafted HTTP requests to the Remote Logging functionality. This affects all systems running vulnerable versions of ctrlX OS with the web application enabled.
💻 Affected Systems
- Bosch Rexroth ctrlX OS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root-level access, allowing installation of persistent backdoors, data exfiltration, lateral movement, and complete system destruction.
Likely Case
Attackers gain root shell access to execute commands, install malware, steal credentials, and pivot to other systems on the network.
If Mitigated
With proper network segmentation and access controls, impact is limited to the compromised system only.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ctrlX OS 2.0.0
Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html
Restart Required: Yes
Instructions:
1. Back up the system configuration.
2. Download ctrlX OS 2.0.0 from the official Bosch Rexroth portal.
3. Follow the vendor upgrade procedure.
4. Verify the update completed successfully.
5. Restart the system.
🔧 Temporary Workarounds
Disable Remote Logging
Disable the vulnerable Remote Logging functionality if it is not required.
Navigate to ctrlX OS web interface > Settings > Remote Logging > Disable
Restrict Web Access
Implement network access controls to limit web interface access to trusted IPs only.
Configure firewall rules to restrict access to ctrlX OS web ports (typically 443/HTTPS)
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ctrlX systems from critical networks
- Enforce strong authentication policies and monitor for suspicious login attempts
🔍 How to Verify
Check if Vulnerable:
Check ctrlX OS version via web interface: System Information > Software Version
Check Version:
Not applicable - use web interface or vendor tools
Verify Fix Applied:
Verify version is ctrlX OS 2.0.0 or later in System Information
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests to logging endpoints
- Multiple failed authentication attempts followed by successful login
- Commands executed via web interface with root privileges
Network Indicators:
- HTTP POST requests to /api/logging endpoints with command injection patterns
- Outbound connections from ctrlX system to unexpected destinations
SIEM Query:
source="ctrlx-os" AND (url="*logging*" AND (cmd="*" OR exec="*" OR system="*"))