CVE-2025-24351

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.
Configurations

No configuration.

History

02 May 2025, 13:53

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en la funcionalidad de “Registro remoto” de la aplicación web de ctrlX OS permite que un atacante remoto autenticado (con privilegios bajos) ejecute comandos arbitrarios del sistema operativo en el contexto del usuario “root” a través de una solicitud HTTP manipulada.

30 Apr 2025, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-30 12:15

Updated : 2025-05-02 13:53


NVD link : CVE-2025-24351

Mitre link : CVE-2025-24351

CVE.ORG link : CVE-2025-24351


JSON object : View

Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')