Remote Code Execution in Telex RDC Server and RTS VLink Virtual Matrix

BOSCH-SA-992447-BT

Advisory Information

Summary

A security vulnerability has been uncovered in the REST API of the Telex Remote Dispatch Console Server and the RTS VLink Virtual Matrix Software. The vulnerability allows a Remote Code Execution (RCE) attack.

All versions < 1.3.0 of the Telex Remote Dispatch Console Server are affected by this vulnerability.

Versions v5 and v6 (< 6.6.0) of the RTS VLink Virtual Matrix Software are affected by this vulnerability. Older versions (v4 and lower) are not affected.

The vulnerability has been uncovered and disclosed responsibly by external researcher Omer Shaik.

Affected Products

  • RTS VLink Virtual Matrix Software on: Windows
    • CVE-2025-29902
      • Version(s): 5
      • Version(s): 6.0.0 - 6.6.0 (excluding)
  • Telex Remote Dispatch Console Server on: Windows
    • CVE-2025-29902
      • Version(s): 1.0.0 - 1.3.0 (excluding)

Solution and Mitigations

Solution

Update the Telex Remote Dispatch Console Server to version 1.3.0.

Update the VLink Virtual Matrix Software to version 6.6.0 if you are currently using a v6 version.

Upgrade the VLink Virtual Matrix Software to v6 (specifically to version 6.6.0) if you are currently using a v5 version.

To ensure the security of your system, we strongly recommend that you update your software to the latest version. Instructions for downloading and updating your system may be found at https://products.rtsintercoms.com/binary/VLink_Upgrade_Instructions.pdf

Mitigation

Blocking the web interface ports (80 and 443) of the RTS VLink Virtual Matrix Software or the Telex RDC Server in a firewall will prevent the vulnerability from being misused from a remote location.

In all cases it is still strongly advised to perform the update as soon as possible since that will remove the vulnerability.
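
The following is an added example, not part of the Bosch advisory or any Bosch tooling: a small triage script that applies the affected version ranges and the matching update path above to an asset inventory. The inventory, host names and the product keys "vlink" and "rdc" are constructed for illustration. Versions are compared numerically, so a constructed value such as 6.10.0 is correctly treated as newer than 6.6.0, which a plain string comparison would get wrong.

```python
# Added example: triage an asset inventory against BOSCH-SA-992447-BT.
import re

# Constructed sample inventory: (host, product key, reported version).
# Host names and the "vlink"/"rdc" keys are hypothetical labels.
CONSTRUCTED_INVENTORY = [
    ("intercom-01", "vlink", "6.5.1"),
    ("intercom-02", "vlink", "v5"),
    ("intercom-03", "vlink", "6.10.0"),
    ("intercom-04", "vlink", "4.2"),
    ("dispatch-01", "rdc", "1.2.9"),
    ("dispatch-02", "rdc", "1.3.0"),
]

def parse_version(text):
    """Turn '6.5.1', 'v5' or '6.6' into a 3-tuple of ints, e.g. (6, 5, 1)."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    if not nums:
        raise ValueError(f"no version number in {text!r}")
    return tuple(nums + [0] * (3 - len(nums)))

def triage(product, version):
    """Return (affected, action) for CVE-2025-29902 as stated in the advisory."""
    v = parse_version(version)
    if product == "vlink":
        if v[0] <= 4:
            return False, "not affected (v4 and lower)"
        if v[0] == 5:
            return True, "upgrade to v6, version 6.6.0"
        if v < (6, 6, 0):  # upper bound 6.6.0 is excluded from the range
            return True, "update to 6.6.0"
        return False, "not affected (>= 6.6.0)"
    if product == "rdc":
        if v < (1, 3, 0):  # all versions below 1.3.0 are affected
            return True, "update to 1.3.0"
        return False, "not affected (>= 1.3.0)"
    raise ValueError(f"unknown product {product!r}")

def affected_hosts(inventory):
    """Return [(host, action)] for every affected inventory entry."""
    rows = [(host, *triage(product, ver)) for host, product, ver in inventory]
    return [(host, action) for host, affected, action in rows if affected]

if __name__ == "__main__":
    for host, action in affected_hosts(CONSTRUCTED_INVENTORY):
        print(f"{host}: AFFECTED, {action}; block ports 80/443 until done")
```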

Vulnerability Details

CVE-2025-29902

CVE description: Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.

Remarks

Security Update Information

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

CVSS Scoring

Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.

Revision History

  • 10 Jun 2025: Initial Publication

Appendix

Material List

Please find the SAP Number and CTN of the affected products below.

SAP Number       CTN
F.01U.216.945    VLINK-8
F.01U.216.946    VLINK-8UPG
F.01U.216.947    VLINK-LE-2EXP
F.01U.264.751    VLINK-2EXP
F.01U.264.752    VLINK-LE-2EXP
F.01U.285.467    Vlink 1 seat license for VCOM
F.01U.388.141    VLINK-8REDNT
F.01U.388.142    VLINK-1RENTAL
F.01U.388.143    VLINK-2REDNT
F.01U.388.144    VLINK-8SIP
F.01U.388.145    VLINK-2SIP
F.01U.388.146    VLINK-8SIPREDNT
F.01U.388.148    VLINK-2SIPREDNT
F.01U.393.239    VLINK-SVU
F.01U.393.240    VLINK-Lite
F.01U.393.241    VLINK-LiteUPG
F.01U.393.242    VLINK-VIDEO
F.01U.393.243    VLINK-VIDEO I/O
F.01U.393.244    VLINK-REC
F.01U.393.245    VLINK-ENCRYPT
F.01U.396.977    VLINK-8 SPACE
F.01U.396.978    VLINK-2 EXSPACE
F.01U.394.128    RDC-SYS01-A
F.01U.394.129    RDC-CON10-A
F.01U.394.130    RDC-TG02-A
F.01U.413.775    RDC-CON05-A