CVE-2025-48862 HIGH

Vendor: Bosch Rexroth AG
Product: ctrlX OS - Setup
Weakness: CWE-1104
Published: August 14, 2025
Last update: August 14, 2025

CVSS base score

7.1/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.

Key dates

02 Disclosure timeline

August 14, 2025 CVE published
August 14, 2025 Record updated