CVE-2025-48861

Medium CVSS 5.3

Overview

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps.

CWE: CWE-284 Published: 2025-08-14T09:15:26.107

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.3 (MEDIUM)
Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags