8.8

CVE-2025-60036

EPSS 0.14%
Veröffentlicht 18.02.2026 14:16:04
Zuletzt bearbeitet 24.02.2026 16:02:09
Quelle psirt@bosch.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bosch ≫ Rexroth Indraworks Version < 15v24

Bosch ≫ Rexroth Ua.Testclient Version < 2.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.347

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
psirt@bosch.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-60036

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-60036

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-60036

EUVD