CVE-2025-60037: CWE-502 Deserialization of Untrusted Data in Bosch Rexroth IndraWorks
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
AI Analysis
Technical Summary
CVE-2025-60037 is a deserialization vulnerability (CWE-502) found in all versions of Bosch Rexroth IndraWorks, an industrial automation software suite. The flaw arises because the application parses serialized data from files without sufficient validation or sanitization, allowing attackers to craft malicious serialized objects. When a user opens such a file, the application deserializes the data, triggering execution of arbitrary code embedded within the serialized payload. This leads to remote code execution (RCE) on the host system with the privileges of the user running IndraWorks. The vulnerability requires user interaction—specifically, opening a manipulated file—but does not require prior authentication or elevated privileges. The CVSS 3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges required. Although no exploits have been reported in the wild, the vulnerability poses a significant risk due to the critical nature of industrial control systems relying on IndraWorks. The absence of patches necessitates immediate mitigation through operational controls and user training to prevent exploitation. This vulnerability underscores the risks of insecure deserialization in industrial software, which can lead to full system compromise and potentially disrupt manufacturing processes or safety systems.
Potential Impact
For European organizations, especially those in manufacturing, industrial automation, and critical infrastructure sectors, this vulnerability presents a severe risk. IndraWorks is widely used in configuring and managing industrial control systems, so exploitation could lead to unauthorized control over critical machinery, data theft, or sabotage. The compromise of such systems could cause operational downtime, safety hazards, and significant financial losses. Confidentiality breaches could expose sensitive industrial designs or operational data, while integrity violations might alter control commands, leading to unsafe conditions. Availability impacts could disrupt production lines or critical services. Given the reliance on IndraWorks in European industrial hubs, the threat could extend to national critical infrastructure, increasing the risk of targeted attacks or industrial espionage. The requirement for user interaction limits mass exploitation but does not eliminate risk, as spear-phishing or social engineering could be used to deliver malicious files. The lack of known exploits currently provides a window for proactive defense, but the high severity demands urgent attention.
Mitigation Recommendations
1. Implement strict user training and awareness programs focusing on the risks of opening unsolicited or unexpected files, especially those related to IndraWorks projects.
2. Enforce application whitelisting and restrict execution privileges for IndraWorks to limit the impact of potential code execution.
3. Use network segmentation to isolate systems running IndraWorks from general user networks and the internet to reduce exposure.
4. Monitor file sources and implement email filtering to detect and block potentially malicious attachments targeting IndraWorks users.
5. Employ endpoint detection and response (EDR) solutions to identify suspicious deserialization or code execution behaviors.
6. Regularly back up critical configuration and project files to enable recovery in case of compromise.
7. Engage with Bosch Rexroth for updates and patches; apply them promptly once available.
8. Consider deploying sandbox environments for opening untrusted files related to IndraWorks.
9. Review and harden system permissions to minimize the privileges of users running IndraWorks.
10. Maintain an incident response plan tailored to industrial control system compromises.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: bosch
- Date Reserved: 2025-09-25T12:06:05.896Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6995c8856aea4a407a9d0cfa
Added to database: 2/18/2026, 2:11:17 PM
Last enriched: 2/18/2026, 2:26:11 PM
Last updated: 2/21/2026, 12:22:10 AM