Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

IndraWorks

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2025-60038
Assigner-Robert Bosch GmbH
ShareView Details
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.67%
||
7 Day CHG-0.04%
Published-18 Feb, 2026 | 14:03
Updated-24 Feb, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.

Action-Not Available
Vendor-Bosch RexrothRobert Bosch GmbH
Product-rexroth_indraworksIndraWorks
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-60037
Assigner-Robert Bosch GmbH
ShareView Details
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.67%
||
7 Day CHG-0.04%
Published-18 Feb, 2026 | 14:03
Updated-24 Feb, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.

Action-Not Available
Vendor-Bosch RexrothRobert Bosch GmbH
Product-rexroth_indraworksIndraWorks
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-60036
Assigner-Robert Bosch GmbH
ShareView Details
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.67%
||
7 Day CHG-0.04%
Published-18 Feb, 2026 | 14:02
Updated-24 Feb, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.

Action-Not Available
Vendor-Bosch RexrothRobert Bosch GmbH
Product-rexroth_ua.testclientrexroth_indraworksIndraWorksUA.Testclient
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-60035
Assigner-Robert Bosch GmbH
ShareView Details
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.67%
||
7 Day CHG-0.04%
Published-18 Feb, 2026 | 14:01
Updated-24 Feb, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.

Action-Not Available
Vendor-Bosch RexrothRobert Bosch GmbH
Product-rexroth_indraworksIndraWorks
CWE ID-CWE-502
Deserialization of Untrusted Data