CVE-2025-60036: CWE-502 Deserialization of Untrusted Data in Bosch Rexroth IndraWorks
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.
AI Analysis
Technical Summary
CVE-2025-60036 is a vulnerability identified in the UA.Testclient utility component of Bosch Rexroth's IndraWorks software suite, affecting all versions prior to 15V24. The root cause is unsafe deserialization of untrusted data (CWE-502), where the application parses serialized data from files without proper validation or sanitization. An attacker can craft a malicious serialized file that, when opened by a user in UA.Testclient, triggers deserialization of harmful payloads leading to remote code execution (RCE). This flaw requires user interaction—specifically, the victim must open the malicious file—but does not require any prior authentication or elevated privileges. The CVSS 3.1 base score is 7.8 (high), reflecting the vulnerability's potential to compromise confidentiality, integrity, and availability of the affected system. The attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), but user interaction is necessary (UI:R). The vulnerability scope is unchanged (S:U), meaning the exploit affects only the vulnerable component. No public exploits have been reported yet, but the risk remains significant given the critical nature of industrial control systems that rely on IndraWorks. The vulnerability could allow attackers to gain full control over systems running UA.Testclient, potentially disrupting industrial processes or causing data breaches.
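As an added illustration of the CWE-502 pattern the summary describes (this is not code from the advisory, from Bosch Rexroth, or from the UA.Testclient product, whose serialization format the page does not name), the following Python uses the standard pickle module as a stand-in for a file-based object serializer. It shows the two controls that close this class of bug: a static scan of the opcode stream that lists every class a file would import before anything executes, and a restricted unpickler that enforces the same allow-list at load time. The allow-list entries and both sample streams are constructed for the demo; the "untrusted" stream references a harmless class outside the allow-list rather than any real payload.

```python
import io
import pickle
import pickletools
from collections import OrderedDict, deque

# Allow-list of (module, class) pairs the loader may reconstruct. Everything else
# is refused before any constructor or __reduce__ callable runs. The entries are
# assumptions for this demo, not a list taken from IndraWorks or UA.Testclient.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a string constant (STACK_GLOBAL takes its module and name
# operands from the two strings pushed just before it).
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Statically list every (module, name) the stream would import.

    Only the opcode stream is walked with pickletools.genops; nothing is
    executed, so this can run on a file before deciding whether to open it.
    """
    found: list[tuple[str, str]] = []
    strings: list[str] = []        # string constants pushed so far, in order
    memo: dict[int, object] = {}   # memo slots, in case a name is reused via *GET
    last: object = None            # most recently pushed value, for memo ops
    next_memo = 0
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            strings.append(arg)
            last = arg
        elif op.name == "MEMOIZE":
            memo[next_memo] = last
            next_memo += 1
        elif op.name in _PUT_OPS:
            memo[arg] = last
        elif op.name in _GET_OPS:
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif op.name == "STACK_GLOBAL":
            # protocol 4+: module and name are the two strings pushed before it
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
            last = None
        elif op.name in ("GLOBAL", "INST"):
            # protocol < 4: the operand is "module name" on one line
            module, name = arg.split(" ", 1)
            found.append((module, name))
            last = None
        else:
            last = None
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Second layer: even if the static scan is skipped, refuse unknown classes."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def restricted_loads(data: bytes):
    """Load with the allow-listing unpickler only (raises on a blocked class)."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes) -> tuple[bool, object]:
    """Return (True, obj) for an acceptable stream, (False, reason) otherwise."""
    for module, name in referenced_globals(data):
        if (module, name) not in ALLOWED_GLOBALS:
            return False, f"static scan: {module}.{name} is not allow-listed"
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, f"unpickler: {exc}"


# Constructed sample inputs (not real IndraWorks files): a benign settings blob
# such as a test client might save, and a stream naming a class outside the
# allow-list. deque is harmless here; it stands in for the attacker-chosen class
# a CWE-502 payload would reference.
TRUSTED_OBJECT = OrderedDict(node="ns=2;i=1001", value=42)
TRUSTED_PAYLOAD = pickle.dumps(TRUSTED_OBJECT)
UNTRUSTED_PAYLOAD = pickle.dumps(deque([1, 2]))

if __name__ == "__main__":
    for label, blob in (("trusted", TRUSTED_PAYLOAD), ("untrusted", UNTRUSTED_PAYLOAD)):
        print(label, referenced_globals(blob), try_load(blob))
```

Running the block prints the classes each stream references and the load decision: the OrderedDict stream loads, while the deque stream is rejected by the static scan and, if that scan were bypassed, by find_class. The same two-layer shape (inspect before parsing, then parse with a closed type allow-list) applies to .NET, Java and other serializers; what changes is the inspection routine, not the policy.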
Potential Impact
For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a serious risk. Bosch Rexroth IndraWorks is widely used in European factories and industrial plants for automation control and configuration. Exploitation could lead to unauthorized control over industrial systems, causing operational disruptions, safety hazards, and potential data exfiltration. The compromise of such systems could have cascading effects on supply chains and critical services. Confidentiality breaches could expose sensitive operational data, while integrity and availability impacts could halt production lines or cause unsafe conditions. The requirement for user interaction somewhat limits mass exploitation but targeted spear-phishing or social engineering attacks could be effective. Given the strategic importance of industrial automation in Europe, the impact could be severe in countries with large manufacturing bases.
Mitigation Recommendations
1. Apply official patches or updates from Bosch Rexroth as soon as they become available to address this vulnerability.
2. Until patches are released, restrict the use of UA.Testclient to trusted personnel and environments.
3. Implement strict file handling policies to prevent opening files from untrusted or unknown sources within UA.Testclient.
4. Employ application whitelisting and endpoint protection solutions to detect and block suspicious deserialization behaviors or code execution attempts.
5. Conduct user training focused on recognizing phishing and social engineering attempts that might deliver malicious files.
6. Monitor network and host logs for unusual activities related to UA.Testclient processes.
7. Consider isolating or sandboxing UA.Testclient usage environments to limit potential damage from exploitation.
8. Coordinate with Bosch Rexroth support for guidance and early access to patches or workarounds.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Czech Republic, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: bosch
- Date Reserved: 2025-09-25T12:06:05.896Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6995c8856aea4a407a9d0cf7
Added to database: 2/18/2026, 2:11:17 PM
Last enriched: 2/18/2026, 2:26:25 PM
Last updated: 2/21/2026, 2:16:45 AM
Related Threats
- CVE-2026-27203: CWE-15: External Control of System or Configuration Setting in YosefHayim ebay-mcp (High)
- CVE-2026-27168: CWE-122: Heap-based Buffer Overflow in HappySeaFox sail (High)
- CVE-2026-27134: CWE-287: Improper Authentication in strimzi strimzi-kafka-operator (High)
- CVE-2026-27190: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in denoland deno (High)
- CVE-2026-27026: CWE-770: Allocation of Resources Without Limits or Throttling in py-pdf pypdf (Medium)