CVE-2025-60037HIGH 8.8EPSS p20.2%

CVE-2025-60037CVE-2025-60037

Description

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.29% probability of exploitation · percentile 20.2% · 2026-06-19T12:03:05Z
Published2026-02-18
Last modified2026-02-24

Underlying weaknesses· 1

CWE-502

References

  1. https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html

1

TypeTargetConfidenceTier
WeaknessDeserialization of Untrusted Datacwe-5020%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-60038
CVE
CVE-2025-60035
CVE
CVE-2025-60036
CVE
CVE-2025-58384
CVE
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability
CVE
CVE-2025-24035
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.