Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Rexroth IndraWorks OPC.Testclient allows malicious file execution
CVE-2025-60035
Summary
A security flaw in the OPC.Testclient tool, part of Rexroth IndraWorks, lets hackers run malicious code on your system by tricking you into opening a specially crafted file. All versions of IndraWorks before 15V24 are affected. To stay safe, update to the latest version of IndraWorks or disable the OPC.Testclient utility if it's not essential to your operations.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| bosch | rexroth_indraworks | <= 15v24 | – |
Original title
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitra...
Original description
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.
nvd CVSS3.1
8.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
- https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html Vendor Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026