CVSS 3.1 score: 8.8

Rexroth IndraWorks: Malicious File Can Crash and Steal System Control

CVE-2025-60036
Summary

The UA.Testclient utility included in Rexroth IndraWorks deserializes untrusted data when it parses a file. If a user opens a specially crafted file in this test client, an attacker can execute arbitrary code and take control of the system. To stay safe, update to IndraWorks version 15V24 or later as soon as possible.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|--------|---------|-------------------|---------------|
| bosch | rexroth_indraworks | <= 15v24 | |
| bosch | rexroth_ua.testclient | <= 2.9.0 | |
Original title
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrar...
Original description
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.
NVD CVSS 3.1: 8.8
Vulnerability type
CWE-502 Deserialization of Untrusted Data
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026