Critical RCE Vulnerability Found in Bosch Telex RDC Used by 911 and Critical Infrastructure

In November 2024, during a penetration test for a government agency, Omer Shaik discovered a remote code execution (RCE) vulnerability in the Bosch Telex Remote Dispatch Console (RDC) software, which is used in critical environments such as 911 emergency call centers, public safety, public services, and transportation. After reporting the vulnerability to Bosch, the Bosch PSIRT team acknowledged the issue, released a patch, and issued an official advisory. The associated CVE is CVE-2025-29902.