CVE-2025-60036 HIGH

Vendor Bosch Rexroth
Product IndraWorks
Weakness CWE-502 · Unsafe deserialization
Published February 18, 2026
Last update February 18, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. The flaw allows an attacker to execute arbitrary code on the user's system when the utility parses a manipulated file containing malicious serialized data. Exploitation requires user interaction: the user must open a specially crafted file, which causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.

Key dates

02 Disclosure timeline

February 18, 2026 CVE published
February 18, 2026 Record updated
