Platform: other
Component: ctrlx-os-device-admin
Fixed in: 1.12.10, 1.20.8, 2.6.9
CVE-2025-24350 is a high-severity vulnerability in the “Certificates and Keys” functionality of the ctrlX OS Device Admin web application. A remote attacker who holds a low-privileged authenticated account can, with a specially crafted HTTP request, write arbitrary certificates to any location on the file system instead of only into the intended certificate store. Versions 1.12.0 through 2.6.8 are affected; fixes are available in 1.12.10, 1.20.8 and 2.6.9 for the respective release branches.
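The page does not document the request format or the affected code, so the following is an added illustration of the vulnerability class rather than ctrlX OS code: a hypothetical “save certificate” handler that builds the destination path from a client-supplied file name, beside a hardened version that confines the write to the store, requires PEM framing, and never silently replaces an existing file. The handler names, directory layout and the sample PEM body are all constructed for the example and are not taken from the advisory.

```python
import os
import re
import tempfile

# Hypothetical handlers: the real Device Admin code is not shown on this page and
# the request format is undocumented. Only the vulnerability class is modelled here.

PEM_CERT_RE = re.compile(
    r"\A-----BEGIN CERTIFICATE-----\r?\n"
    r"(?:[A-Za-z0-9+/=]{1,76}\r?\n)+"
    r"-----END CERTIFICATE-----\r?\n?\Z"
)
# Flat file name only: no separators, no leading dot, fixed extension.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9_.-]{0,63}\.(?:pem|crt)")

# Constructed placeholder: PEM framing around a fake base64 line, not a real X.509 certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBszCCAVmgAwIBAgIUQ2FsbGVkIGEgcGxhY2Vob2xkZXIgY2VydC4wCgYIKoZI\n"
    "-----END CERTIFICATE-----\n"
)


def save_certificate_unsafe(store_dir: str, file_name: str, body: str) -> str:
    """Weak handler: the client-supplied name is joined under the store as-is,
    so a name starting with '../' walks out of it. This is the behaviour class
    the CVE describes (arbitrary write location chosen by the request)."""
    dest = os.path.join(store_dir, file_name)
    with open(dest, "w") as fh:
        fh.write(body)
    return dest


def save_certificate_safe(store_dir: str, file_name: str, body: str) -> str:
    """Hardened handler: allow-listed flat name, canonical path confined to the
    store, PEM framing required, and O_EXCL so an existing certificate (or a
    symlink planted at that name) is never overwritten. Real code should also
    parse the body as X.509 rather than trusting the framing alone."""
    if not SAFE_NAME_RE.fullmatch(file_name):
        raise ValueError("invalid certificate file name")
    store_real = os.path.realpath(store_dir)
    dest = os.path.realpath(os.path.join(store_real, file_name))
    if os.path.dirname(dest) != store_real:
        raise ValueError("destination escapes the certificate store")
    if not PEM_CERT_RE.match(body):
        raise ValueError("body is not a PEM certificate")
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    return dest


def demo() -> dict:
    """Constructed scenario: a store directory plus a sibling 'trust' directory
    standing in for a location outside the store that an attacker would target."""
    root = tempfile.mkdtemp()
    store = os.path.join(root, "store")
    trust = os.path.join(root, "trust")
    os.makedirs(store)
    os.makedirs(trust)
    crafted = "../trust/rogue.pem"  # constructed traversal name for the demo

    escaped = save_certificate_unsafe(store, crafted, SAMPLE_PEM)

    def rejected(name: str, body: str) -> bool:
        try:
            save_certificate_safe(store, name, body)
            return False
        except ValueError:
            return True

    legit = save_certificate_safe(store, "plc-gateway.pem", SAMPLE_PEM)
    return {
        "unsafe_wrote_outside_store": os.path.dirname(os.path.realpath(escaped)) == os.path.realpath(trust),
        "safe_blocked_traversal": rejected(crafted, SAMPLE_PEM),
        "safe_rejected_non_pem": rejected("notes.pem", "not a certificate"),
        "safe_wrote_inside_store": os.path.dirname(os.path.realpath(legit)) == os.path.realpath(store),
    }


if __name__ == "__main__":
    print(demo())
```

The confinement check compares the canonicalised parent directory of the destination with the canonicalised store, which also catches a symlink already sitting at the target name; the name allow-list is what rejects the traversal before any path is even built.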
The impact of CVE-2025-24350 is substantial. Because the attacker chooses where the file lands, a certificate can be planted wherever the device or a service on it reads trusted certificates, or a legitimate certificate can be replaced with an attacker-controlled one. The device then accepts the attacker's certificate as genuine, which enables man-in-the-middle interception and decryption of traffic it would otherwise refuse, breaks trust relationships with other systems, and opens unauthorised access to resources that rely on certificate-based trust. An arbitrary-path write is also a general primitive: any location the Device Admin service can reach is in scope, which widens the options for follow-on exploitation and lateral movement within the ctrlX OS environment. The flaw is a critical weakness in certificate management with potentially far-reaching consequences for system security.
CVE-2025-24350 was publicly disclosed on 2025-04-30. No public proof-of-concept exploit is known at the time of writing, and the EPSS score is 0.26% (49th percentile). Patching should still be prioritised: the only precondition is an authenticated session with low privileges, which any compromised or over-provisioned operator account provides, and the outcome is a write to an attacker-chosen path.
Exploit Status
EPSS: 0.26% (49th percentile)
The primary mitigation for CVE-2025-24350 is to upgrade ctrlX OS Device Admin to the fixed release for your branch: 1.12.10, 1.20.8 or 2.6.9 (or later). Where an immediate upgrade is not feasible, reduce exposure in the meantime. Because exploitation needs only a low-privileged authenticated session, review who holds accounts on the device, remove stale or shared accounts, and restrict the “Certificates and Keys” functionality to the administrators who actually need it. Limit network reachability of the Device Admin web interface to management networks. Monitor the certificate store and the wider file system for unexpected certificate writes. A WAF or reverse proxy cannot fix the flaw in the application itself, but it can log, rate-limit or block requests to the certificate management endpoint, for example from accounts or source addresses that should not be using it. After upgrading, verify certificate integrity by inspecting the certificate store and confirming that only legitimate certificates are present, and also look for certificate files that have appeared outside the store, since the vulnerable write was not confined to it.
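As an added example, not ctrlX OS tooling or code from the advisory, the following stdlib-only Python script performs the two checks recommended above: a hash baseline of the certificate store that reports added, modified or removed files, and a scan for PEM certificate files that have landed outside the store. The directory names and file contents are constructed for the demo; the real location of the trust store on a ctrlX OS device is not given on this page and has to be supplied by the operator.

```python
import hashlib
import os
import tempfile
from typing import Dict, Set

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed placeholder contents: PEM framing only, not real X.509 data.
FAKE_CERT_A = PEM_HEADER + b"\nMIIBszCCAVmgAwIBAgIUQ2FsbGVk\n-----END CERTIFICATE-----\n"
FAKE_CERT_B = PEM_HEADER + b"\nMIIBszCCAVmgAwIBAgIUUm9ndWU=\n-----END CERTIFICATE-----\n"


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(cert_dir: str) -> Dict[str, str]:
    """Map each regular file under the store (relative path) to its SHA-256.
    Take this once the store has been reviewed on a fixed version and keep it
    off the device, so a later write cannot also adjust the baseline."""
    snap: Dict[str, str] = {}
    for dirpath, _, files in os.walk(cert_dir):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                snap[os.path.relpath(p, cert_dir)] = sha256_file(p)
    return snap


def diff_store(cert_dir: str, known: Dict[str, str]) -> Dict[str, Set[str]]:
    """Compare the store against a baseline: files added, removed or modified."""
    now = baseline(cert_dir)
    return {
        "added": set(now) - set(known),
        "removed": set(known) - set(now),
        "modified": {p for p in now.keys() & known.keys() if now[p] != known[p]},
    }


def stray_pem_files(search_root: str, cert_dir: str) -> Set[str]:
    """Find PEM certificates anywhere under search_root except the store itself;
    an arbitrary-path write lands outside the store. Only a file head is read."""
    cert_real = os.path.realpath(cert_dir)
    found: Set[str] = set()
    for dirpath, dirnames, files in os.walk(search_root):
        # prune the store so its own certificates are not reported as strays
        dirnames[:] = [d for d in dirnames
                       if os.path.realpath(os.path.join(dirpath, d)) != cert_real]
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                with open(p, "rb") as fh:
                    head = fh.read(len(PEM_HEADER) + 16)
            except OSError:
                continue
            if head.lstrip().startswith(PEM_HEADER):
                found.add(p)
    return found


def demo() -> dict:
    """Constructed scenario: baseline a store, then simulate a malicious write
    inside and outside it and report what the two checks catch."""
    root = tempfile.mkdtemp()
    store = os.path.join(root, "certs")
    os.makedirs(store)
    with open(os.path.join(store, "ca.pem"), "wb") as fh:
        fh.write(FAKE_CERT_A)
    known = baseline(store)

    # after the baseline: one certificate replaced, one added, one dropped elsewhere
    with open(os.path.join(store, "ca.pem"), "wb") as fh:
        fh.write(FAKE_CERT_B)
    with open(os.path.join(store, "rogue-ca.pem"), "wb") as fh:
        fh.write(FAKE_CERT_B)
    outside = os.path.join(root, "opt", "app")
    os.makedirs(outside)
    with open(os.path.join(outside, "injected.pem"), "wb") as fh:
        fh.write(FAKE_CERT_B)
    with open(os.path.join(outside, "config.ini"), "wb") as fh:
        fh.write(b"[service]\nport=8443\n")

    changes = diff_store(store, known)
    strays = stray_pem_files(root, store)
    return {
        "added": sorted(changes["added"]),
        "modified": sorted(changes["modified"]),
        "removed": sorted(changes["removed"]),
        "strays": sorted(os.path.relpath(p, root) for p in strays),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run the baseline immediately after upgrading to a fixed version and store it off the device; rerun the diff and the stray scan on a schedule or after any certificate change, and treat a new or modified file you did not deploy as an indicator worth a full review of the device.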
Update ctrlX OS to a version later than 1.12.9, 1.20.7 or 2.6.8, as applicable to your branch, to mitigate the vulnerability. This prevents authenticated attackers with low privileges from writing arbitrary certificates to the file system. See the Bosch security advisory for further details and specific instructions.
CVE-2025-24350 is a high-severity vulnerability that lets a remote, authenticated attacker write arbitrary certificates to any file-system path through the ctrlX OS Device Admin web application. Versions 1.12.0 through 2.6.8 are affected.
You are affected if you run ctrlX OS Device Admin 1.12.0 through 2.6.8, that is, a 1.12.x release before 1.12.10, a 1.20.x release before 1.20.8, or a 2.x release before 2.6.9. Check your installed version now.
Upgrade to the fixed release for your branch, 1.12.10, 1.20.8 or 2.6.9 (or later), to remediate the vulnerability. If an immediate upgrade is not possible, apply the temporary measures described above.
As of the disclosure date there are no confirmed reports of active exploitation, but because only a low-privileged authenticated account is needed, the issue warrants immediate attention.
Refer to the official ctrlX OS security advisory for detailed information and guidance regarding CVE-2025-24350. Check the ctrlX OS website for updates.