CVE-2025-60038

High

Published: 18 February 2026

Published

18 February 2026

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0018 39.7th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-60038 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Bosch Rexroth Indraworks. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 39.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the deserialization flaw in Rexroth IndraWorks by applying vendor patches from the Bosch PSIRT advisory to prevent RCE.

SI-10 Information Input Validation good match

prevent

Validates serialized data in manipulated input files prior to deserialization to block processing of malicious payloads.

SI-16 Memory Protection partial match

prevent

Hinders arbitrary code execution from deserialization exploits via memory safeguards like DEP and ASLR.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Deserialization vulnerability enables RCE via exploitation of client software (T1203) when user opens crafted malicious file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file,…

which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.

Deeper analysisAI

CVE-2025-60038 is a deserialization vulnerability (CWE-502) affecting Rexroth IndraWorks engineering software. The flaw allows arbitrary code execution when the application processes a specially crafted file containing malicious serialized data. Upon parsing, the deserialization leads to remote code execution (RCE) on the system running Rexroth IndraWorks. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H), indicating high impact with low attack complexity but requiring local access and user interaction.

An attacker can exploit this vulnerability by providing a manipulated file to a user, who must open it in Rexroth IndraWorks for deserialization to occur. No privileges are needed (PR:N), but the attack is local (AV:L) and relies on user interaction (UI:R), such as tricking the user into loading the file. Successful exploitation grants RCE, enabling complete compromise of the host system with high confidentiality, integrity, and availability impacts.

Mitigation details are available in the Bosch PSIRT security advisory at https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html.