CVE-2025-60038: CWE-502 Deserialization of Untrusted Data in Bosch Rexroth IndraWorks
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
AI Analysis
Technical Summary
CVE-2025-60038 is a deserialization vulnerability classified under CWE-502 found in all versions of Bosch Rexroth IndraWorks, a software suite widely used for industrial automation and control. The vulnerability occurs because the application deserializes data from files without proper validation or sanitization, allowing an attacker to craft a malicious serialized object that, when deserialized, executes arbitrary code on the victim's system. Exploitation requires the victim to open a specially crafted file, making user interaction mandatory but no authentication necessary. The vulnerability enables Remote Code Execution (RCE), which can lead to complete system compromise, including unauthorized access, data manipulation, and disruption of industrial processes. The CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates that the attack vector is local (user must open a file), with low attack complexity, no privileges required, but user interaction needed, and the impact on confidentiality, integrity, and availability is high. Although no exploits are currently known in the wild, the severity and potential impact on critical industrial environments make this a significant threat. The lack of available patches at the time of publication necessitates immediate mitigation efforts to reduce exposure.
Potential Impact
For European organizations, especially those in manufacturing, automotive, and industrial automation sectors, this vulnerability poses a significant risk. IndraWorks is commonly deployed in industrial control systems (ICS) and operational technology (OT) environments, where a successful RCE can lead to operational disruptions, safety hazards, intellectual property theft, and potential physical damage. The compromise of systems running IndraWorks could allow attackers to manipulate industrial processes, cause downtime, and breach sensitive data. Given the critical role of Bosch Rexroth products in European industry, the impact extends beyond IT to physical and economic domains. Additionally, the requirement for user interaction means that social engineering or phishing campaigns could be used to deliver the malicious files, increasing the attack surface. The high confidentiality, integrity, and availability impact could also affect compliance with European regulations such as NIS2 and GDPR if sensitive data or critical infrastructure is involved.
Mitigation Recommendations
1. Immediately educate users about the risks of opening unsolicited or unexpected files, especially those related to IndraWorks.
2. Implement strict file validation and sandboxing mechanisms to analyze files before they are opened by IndraWorks.
3. Employ endpoint protection solutions capable of detecting and blocking malicious serialized objects or unusual application behaviors.
4. Segment industrial networks to isolate systems running IndraWorks from general IT networks and limit exposure.
5. Monitor logs and network traffic for suspicious activity indicative of exploitation attempts.
6. Coordinate with Bosch Rexroth for timely patch deployment once available; in the meantime, consider disabling or restricting file import features if feasible.
7. Use application whitelisting to prevent unauthorized code execution.
8. Conduct regular security awareness training focusing on social engineering tactics that could deliver malicious files.
9. Maintain up-to-date backups of critical systems to enable recovery in case of compromise.
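The following is an added example, not code from the advisory, from Bosch Rexroth or from IndraWorks. The advisory does not describe the IndraWorks file format or runtime, so Python's pickle format and a hypothetical AxisConfig record stand in for a project file containing serialized data. It shows the CWE-502 pattern the Technical Summary describes (a loader that resolves whatever the file names) next to two of the controls from the list above: an allow-listed deserializer, which is the Python-specific form of validating serialized input, and a pre-open scanner that lists the globals a file would resolve without executing anything (mitigations 2 and 3). The rejected sample file references fractions.Fraction, a harmless class that is simply not on the allow-list; no payload is built or run.

```python
"""CWE-502 in miniature: an unrestricted file loader, an allow-listed loader,
and a pre-open scanner that lists what a serialized file would resolve.

Added example, not code from Bosch Rexroth or IndraWorks. Python's pickle
format and the hypothetical AxisConfig record stand in for the (undocumented)
IndraWorks project file.
"""
import collections
import fractions
import io
import pickle
import pickletools
from dataclasses import dataclass


@dataclass
class AxisConfig:
    """Hypothetical record an engineering tool might persist in a project file."""
    name: str
    max_velocity: float


# The only (module, attribute) pairs a project file may ever reference.
ALLOWED_GLOBALS = {(AxisConfig.__module__, "AxisConfig")}


def load_project_unsafe(blob: bytes):
    """Vulnerable pattern (CWE-502): whatever the file names gets imported and
    resolved, so the file, not the application, decides which callables run."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: every global reference is checked against the allow-list."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def load_project_safe(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def safe_load_outcome(blob: bytes):
    """Return the loaded object, or the rejection message if the file is refused."""
    try:
        return load_project_safe(blob)
    except pickle.UnpicklingError as exc:
        return str(exc)


# Opcodes that push a text string; their values may later feed STACK_GLOBAL.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(blob: bytes):
    """Pre-open scanner: list every module.attribute the file would resolve,
    without executing it. Handles GLOBAL/INST (protocols 0-3) and STACK_GLOBAL
    (protocol 4+), including module/name strings fetched back from the memo."""
    refs, strings, memo, last = [], [], {}, None
    for op, arg, _pos in pickletools.genops(blob):
        if op.name in ("GLOBAL", "INST"):        # arg is "module name"
            module, name = arg.split(" ", 1)
            refs.append((module, name))
            last = None
        elif op.name == "STACK_GLOBAL":          # consumes the two last strings
            refs.append((strings[-2], strings[-1]))
            last = None
        elif op.name in STRING_OPS:
            strings.append(arg)
            last = arg
        elif op.name == "MEMOIZE":               # memo[len(memo)] = stack top
            memo[len(memo)] = last
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):            # a memoized module/name string
                strings.append(last)
        else:
            last = None
    return refs


def is_file_allowed(blob: bytes) -> bool:
    """True only if every global the file references is on the allow-list."""
    return all(ref in ALLOWED_GLOBALS for ref in referenced_globals(blob))


# Constructed sample files: a legitimate project, two files that reference a
# harmless but unexpected class (new and legacy opcode layouts), and one whose
# second reference reuses a memoized module string.
GOOD_FILE = pickle.dumps([AxisConfig("X", 2.5), AxisConfig("Y", 1.0)])
UNEXPECTED_FILE = pickle.dumps(fractions.Fraction)
LEGACY_UNEXPECTED_FILE = pickle.dumps(fractions.Fraction, protocol=2)
SAME_MODULE_FILE = pickle.dumps((collections.Counter, collections.ChainMap))


if __name__ == "__main__":
    for label, blob in [("good", GOOD_FILE), ("unexpected", UNEXPECTED_FILE)]:
        verdict = "allowed" if is_file_allowed(blob) else "rejected"
        print(label, referenced_globals(blob), verdict)
    print("unrestricted loader resolved:", load_project_unsafe(UNEXPECTED_FILE))
    print("restricted loader:", safe_load_outcome(UNEXPECTED_FILE))
```

The scanner walks the opcode stream with pickletools.genops and tracks the memo so that module and attribute names fetched back with GET opcodes are still attributed to the STACK_GLOBAL that consumes them. It is a pre-filter for files arriving by mail or download, not a replacement for the restricted loader, which is the control that actually stops resolution. The same shape carries over to other serialization formats: enumerate the type references a file would instantiate before instantiating any of them, and compare that list against a fixed allow-list owned by the application.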
Affected Countries
Germany, Italy, France, Poland, Spain, Czech Republic, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: bosch
- Date Reserved: 2025-09-25T12:06:05.896Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6995c8856aea4a407a9d0cfd
Added to database: 2/18/2026, 2:11:17 PM
Last enriched: 2/18/2026, 2:25:58 PM
Last updated: 2/21/2026, 12:20:58 AM