CVE-2025-60036

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bosch:rexroth_indraworks::::::::
	cpe:2.3:a:bosch:rexroth_ua.testclient::::::::

History

No history.

Information

Published : 2026-02-18 14:16

Updated : 2026-02-24 16:02

NVD link : CVE-2025-60036

Mitre link : CVE-2025-60036

CVE.ORG link : CVE-2025-60036

JSON object : View

Products Affected

bosch

rexroth_indraworks
rexroth_ua.testclient

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2025-60036", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-18T14:16:04.663", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html", "tags": ["Vendor Advisory"], "source": "psirt@bosch.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient."}, {"lang": "es", "value": "Una vulnerabilidad ha sido identificada en la utilidad UA.Testclient, que est\u00e1 incluida en Rexroth IndraWorks. Todas las versiones anteriores a 15V24 est\u00e1n afectadas. Esta falla permite a un atacante ejecutar c\u00f3digo arbitrario en el sistema del usuario al analizar un archivo manipulado que contiene datos serializados maliciosos. La explotaci\u00f3n requiere interacci\u00f3n del usuario, espec\u00edficamente la apertura de un archivo especialmente dise\u00f1ado, lo que luego hace que la aplicaci\u00f3n deserialice los datos maliciosos, permitiendo la ejecuci\u00f3n remota de c\u00f3digo (RCE). Esto puede llevar a un compromiso completo del sistema que ejecuta UA.Testclient."}], "lastModified": "2026-02-24T16:02:09.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bosch:rexroth_indraworks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B23F6D2-E822-4E76-808D-B110D6EA4E04", "versionEndExcluding": "15v24"}, {"criteria": "cpe:2.3:a:bosch:rexroth_ua.testclient:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15925640-7573-4498-8D03-02C3289B8CF1", "versionEndExcluding": "2.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@bosch.com"}