Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Rexroth IndraWorks: Malicious File Can Execute Code on Your System
CVE-2025-60037
Summary
A critical security issue affects Rexroth IndraWorks. If you open a specially crafted file, an attacker could gain control of your system. Update your software to the latest version to prevent this from happening.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| bosch | rexroth_indraworks | <= 15v24 | – |
Original title
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized ...
Original description
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.
nvd CVSS3.1
8.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
- https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html Vendor Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026