CVE-2025-60036 · HIGH 8.8 · EPSS p28.5%

Description

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. The flaw allows an attacker to execute arbitrary code on the user's system when the utility parses a manipulated file containing malicious serialized data. Exploitation requires user interaction: the user must open a specially crafted file, which causes the application to deserialize the malicious data and enables Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.37% probability of exploitation · percentile 28.5% · 2026-06-18T12:00:27Z
Published: 2026-02-18
Last modified: 2026-02-24

Underlying weaknesses · 1

CWE-502

References

  1. https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html

Type | Target | Confidence | Tier
Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-60035
  2. CVE-2025-60037
  3. CVE-2025-60038
  4. CVE-2025-58384
  5. CVE-2025-53691
  6. CVE-2025-24035

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.