CVE-2025-48862
HIGHDescription
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.
Is your site exposed to CVE-2025-48862?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-48862? +
How severe is CVE-2025-48862? +
How do I check if I'm vulnerable to CVE-2025-48862? +
Related Vulnerabilities
The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy …
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the …
Sensitive customer information is stored in the device without encryption.
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT …
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to …