1. Home
  2. CVE Database
  3. CVE-2025-60036
HIGH · 7.8

CVE-2025-60036

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary c...

Vulnerability Description

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
BoschRexroth Indraworks< 15v24
BoschRexroth Ua.Testclient< 2.9.0

Related Weaknesses (CWE)

CWE-502

References

FAQ

What is CVE-2025-60036?

CVE-2025-60036 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary c...

How severe is CVE-2025-60036?

CVE-2025-60036 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-60036?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Rexroth Indraworks, Bosch Rexroth Ua.Testclient.