CVE-2025-48860 HIGH

Vendor: Bosch Rexroth AG
Product: ctrlX OS - Setup
Weakness: CWE-284
Published: August 14, 2025
Last update: February 26, 2026

CVSS base score

8.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in the web application of the ctrlX OS setup mechanism allowed an authenticated, low-privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data.

Key dates

02 Disclosure timeline

August 14, 2025: CVE published
February 26, 2026: Record updated