{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T12:08:47.738","vulnerabilities":[{"cve":{"id":"CVE-2025-24351","sourceIdentifier":"psirt@bosch.com","published":"2025-04-30T12:15:21.937","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request."},{"lang":"es","value":"Una vulnerabilidad en la funcionalidad de “Registro remoto” de la aplicación web de ctrlX OS permite que un atacante remoto autenticado (con privilegios bajos) ejecute comandos arbitrarios del sistema operativo en el contexto del usuario “root” a través de una solicitud HTTP manipulada."}],"metrics":{"cvssMetricV31":[{"source":"psirt@bosch.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@bosch.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html","source":"psirt@bosch.com"}]}}]}