CVE-2025-48861

{"id": "CVE-2025-48861", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-08-14T09:15:26.107", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html", "source": "psirt@bosch.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed\u00a0a remote, unauthenticated attacker to access and extract internal application data,\u00a0including potential debug logs and the version of installed apps."}, {"lang": "es", "value": "Una vulnerabilidad en el endpoint de la API de tareas del mecanismo ctrlX OS setup permiti\u00f3 a un atacante remoto no autenticado acceder y extraer datos internos de la aplicaci\u00f3n, incluidos posibles registros de depuraci\u00f3n y la versi\u00f3n de las aplicaciones instaladas."}], "lastModified": "2025-08-14T13:11:53.633", "sourceIdentifier": "psirt@bosch.com"}