
CVE-2025-60035: CWE-502 Deserialization of Untrusted Data in Bosch Rexroth IndraWorks

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-60035, cwe-502
Published: Wed Feb 18 2026 (02/18/2026, 14:01:59 UTC)
Source: CVE Database V5
Vendor/Project: Bosch Rexroth
Product: IndraWorks

Description

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.

AI-Powered Analysis

Last updated: 02/18/2026, 14:26:40 UTC

Technical Analysis

CVE-2025-60035 is a deserialization vulnerability classified under CWE-502 found in the OPC.Testclient utility of Bosch Rexroth IndraWorks software. The vulnerability affects all versions prior to 15V24 and arises when the application parses a specially crafted file containing malicious serialized data. When a user opens such a file, the OPC.Testclient deserializes the data without proper validation or sanitization, allowing an attacker to execute arbitrary code on the victim's system. This remote code execution (RCE) can lead to complete system compromise, including unauthorized access, data manipulation, or disruption of industrial control processes. The vulnerability requires user interaction (opening the malicious file) and does not require prior authentication, increasing the attack surface. The CVSS v3.1 score of 7.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no exploits are currently known in the wild, the risk is significant due to the critical nature of industrial automation environments where IndraWorks is deployed. The flaw highlights the dangers of insecure deserialization, a common vector for code injection attacks, especially in software handling complex serialized objects without adequate input validation.

Potential Impact

For European organizations, especially those in manufacturing, industrial automation, and critical infrastructure sectors, this vulnerability poses a significant risk. Bosch Rexroth IndraWorks is widely used in industrial control systems (ICS) and automation environments across Europe. Successful exploitation could lead to unauthorized control over industrial processes, data breaches, operational disruptions, and potential safety hazards. The ability to execute arbitrary code remotely could allow attackers to pivot within networks, compromise sensitive operational technology (OT) environments, and cause downtime or physical damage. Given the reliance on automation in European manufacturing hubs such as Germany, France, and Italy, the impact could extend to supply chain disruptions and economic losses. Additionally, because exploitation requires user interaction, phishing or social engineering could be used to deliver the malicious files. The absence of known exploits currently provides a window for proactive defense, but the high severity demands urgent attention.

Mitigation Recommendations

1. Immediately update Bosch Rexroth IndraWorks to version 15V24 or later where the vulnerability is patched.
2. Implement strict policies to control and verify the source of files opened by OPC.Testclient, including disabling the opening of files from untrusted or external sources.
3. Employ application whitelisting and endpoint protection solutions that can detect and block suspicious deserialization behaviors or execution of unauthorized code.
4. Conduct user awareness training focused on recognizing and avoiding phishing attempts or suspicious files that could trigger exploitation.
5. Monitor network and host logs for unusual activity related to OPC.Testclient usage, including unexpected process launches or file accesses.
6. Segment industrial networks to limit lateral movement if a compromise occurs.
7. Consider deploying runtime application self-protection (RASP) or sandboxing techniques to contain potential exploits.
8. Engage with Bosch Rexroth support for any additional recommended security configurations or patches.
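
One way to implement the host-log check in recommendation 5, as an added example that is not part of the advisory or any Bosch Rexroth tooling: it sweeps process-creation records for processes started by the utility. The image name `OPC.Testclient.exe`, the install path, the expected-child list and the sample records (shaped like Sysmon Event ID 1 fields) are assumptions constructed for illustration.

```python
import json
from ntpath import basename  # Windows path rules, whatever OS the analysis runs on

# Assumption: process image name of the utility (the advisory names only "OPC.Testclient").
WATCHED_PARENT = "opc.testclient.exe"
# Assumption: child images treated as normal for this tool; tune per site.
EXPECTED_CHILDREN = {"werfault.exe"}

# Constructed sample: JSON lines shaped like Sysmon Event ID 1 (process creation).
SAMPLE_EVENTS = r"""
{"UtcTime": "2026-02-18 09:14:02", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Example\\OPC.Testclient.exe", "CommandLine": "OPC.Testclient.exe"}
{"UtcTime": "2026-02-18 09:14:40", "ParentImage": "C:\\Example\\OPC.TESTCLIENT.EXE", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c ver"}
{"UtcTime": "2026-02-18 09:15:03", "ParentImage": "C:\\Example\\OPC.Testclient.exe", "Image": "C:\\Windows\\System32\\WerFault.exe", "CommandLine": "WerFault.exe -u -p 4242"}
{"UtcTime": "2026-02-18 09:16:11", "ParentImage": "C:\\Windows\\System32\\services.exe", "Image": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"}
{"UtcTime": "2026-02-18 09:17:00", "ParentImage":
"""


def _image_name(event, field):
    """Lower-cased file name of a process image field; empty if absent."""
    return basename(str(event.get(field) or "")).lower()


def suspicious_children(lines):
    """Return events whose parent is the watched utility and whose
    image is not on the expected-child list."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated records instead of aborting the sweep
        if not isinstance(event, dict):
            continue
        if (_image_name(event, "ParentImage") == WATCHED_PARENT
                and _image_name(event, "Image") not in EXPECTED_CHILDREN):
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in suspicious_children(SAMPLE_EVENTS.splitlines()):
        print(hit["UtcTime"], hit["Image"], "<-", hit["ParentImage"])
```

A GUI test client has little reason to start shells or script hosts, so any hit outside the expected list is worth correlating with the file the user opened just before it.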


Technical Details

Data Version: 5.2
Assigner Short Name: bosch
Date Reserved: 2025-09-25T12:06:05.896Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6995c8856aea4a407a9d0cf4

Added to database: 2/18/2026, 2:11:17 PM

Last enriched: 2/18/2026, 2:26:40 PM

Last updated: 2/21/2026, 12:22:06 AM
