What is the CVSS score of CVE-2025-60038?

CVE-2025-60038 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Rexroth Indraworks are affected by CVE-2025-60038?

Rexroth IndraWorks contains a critical code execution vulnerability (CVE-2025-60038) that allows attackers to compromise user systems through malicious files.

How to fix or mitigate CVE-2025-60038?

Within 24 hours: Identify all systems running Rexroth IndraWorks and restrict file handling capabilities; disable or isolate IndraWorks environments from untrusted networks. Within 7 days: Implement network segmentation to limit IndraWorks access to trusted users only; establish monitoring for suspicious file imports and serialized data processing; conduct user awareness training on file validation. Within 30 days: Monitor Rexroth security advisories for patch release; develop and test patching procedures; evaluate alternative workflows that bypass high-risk features.

Rexroth Indraworks CVE-2025-60038

HIGH

Deserialization of Untrusted Data (CWE-502)

2026-02-18 psirt@bosch.com

RCE Deserialization Rexroth Indraworks

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 18, 2026 - 14:16 nvd

HIGH 7.8

DescriptionCVE.org

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.

AnalysisAI

Technical ContextAI

Classified as CWE-502 (Deserialization of Untrusted Data). Affects Rexroth Indraworks. A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-60038 vulnerability details – vuln.today

Back

Rexroth Indraworks CVE-2025-60038

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code