{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:39:49.328","vulnerabilities":[{"cve":{"id":"CVE-2025-48860","sourceIdentifier":"psirt@bosch.com","published":"2025-08-14T09:15:25.770","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data."},{"lang":"es","value":"Una vulnerabilidad en la aplicación web del mecanismo ctrlX OS setup permitió que un atacante autenticado (con pocos privilegios) obtuviera acceso remoto a archivos de respaldo creados por un usuario con permisos elevados. Dependiendo del contenido del archivo de respaldo, el atacante podría haber accedido a datos confidenciales."}],"metrics":{"cvssMetricV31":[{"source":"psirt@bosch.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@bosch.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html","source":"psirt@bosch.com"}]}}]}