CVE-2025-24341

{"id": "CVE-2025-24341", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-30T12:15:15.493", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", "source": "psirt@bosch.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device."}, {"lang": "es", "value": "Una vulnerabilidad en la aplicaci\u00f3n web de ctrlX OS permite a un atacante remoto autenticado (con privilegios bajos) inducir una denegaci\u00f3n de servicio (DoS) en el dispositivo mediante m\u00faltiples solicitudes HTTP manipuladas. En el peor de los casos, se requiere un reinicio completo para recuperar el control del dispositivo."}], "lastModified": "2025-05-02T13:53:40.163", "sourceIdentifier": "psirt@bosch.com"}