{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T23:59:17.678","vulnerabilities":[{"cve":{"id":"CVE-2025-24343","sourceIdentifier":"psirt@bosch.com","published":"2025-04-30T12:15:17.903","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request."},{"lang":"es","value":"Una vulnerabilidad en la funcionalidad “Administra datos de la aplicación” de la aplicación web de ctrlX OS permite que un atacante remoto autenticado (con privilegios bajos) escriba archivos arbitrarios en rutas arbitrarias del sistema de archivos a través de una solicitud HTTP manipulada."}],"metrics":{"cvssMetricV31":[{"source":"psirt@bosch.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"psirt@bosch.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html","source":"psirt@bosch.com"}]}}]}