{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T20:46:08.218","vulnerabilities":[{"cve":{"id":"CVE-2025-60038","sourceIdentifier":"psirt@bosch.com","published":"2026-02-18T14:16:04.960","lastModified":"2026-02-24T16:01:50.337","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks."},{"lang":"es","value":"Una vulnerabilidad ha sido identificada en Rexroth IndraWorks. Esta falla permite a un atacante ejecutar código arbitrario en el sistema del usuario al analizar un archivo manipulado que contiene datos serializados maliciosos. La explotación requiere interacción del usuario, específicamente, abrir un archivo especialmente diseñado, lo que luego hace que la aplicación deserialice los datos maliciosos, lo que habilita la Ejecución Remota de Código (RCE). Esto puede llevar a un compromiso completo del sistema que ejecuta Rexroth IndraWorks."}],"metrics":{"cvssMetricV31":[{"source":"psirt@bosch.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@bosch.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bosch:rexroth_indraworks:*:*:*:*:*:*:*:*","versionEndIncluding":"15v24","matchCriteriaId":"B8D9A01F-E45D-42CE-BA69-C36506BA2A64"}]}]}],"references":[{"url":"https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html","source":"psirt@bosch.com","tags":["Vendor Advisory"]}]}}]}