CVE-2025-27532

Medium

A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged)…

bosch·CWE-312·Published 2025-04-30

CVSS

6.5

EPSS

0.03

KEV

Exploits

Vendor statements (1)

psirt.bosch.com

cve.orgen

210 chars

A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.

NVDes

255 chars

Una vulnerabilidad en la funcionalidad “Copia de seguridad y restauración” de la aplicación web de ctrlX OS permite que un atacante remoto autenticado (con pocos privilegios) acceda a información secreta a través de múltiples solicitudes HTTP manipuladas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N