ZDI-26-108 HIGH 7.8 Published Feb 19, 2026

Bosch Rexroth IndraWorks UA.TestClient XML File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability

Bosch

Bosch Rexroth IndraWorks contains a remote code execution vulnerability (CVE-2025-60036) that allows attackers to execute arbitrary code if a user visits a malicious webpage or opens a malicious file. This high-severity flaw (CVSS 7.8) requires user interaction to exploit but could give attackers complete control over affected systems. Security teams should prioritize patching this vulnerability, restrict file types that users can open in IndraWorks, and implement email and web filtering to prevent users from accessing malicious content.
