CVE-2025-60037
📋 TL;DR
This vulnerability in Rexroth IndraWorks allows attackers to execute arbitrary code on a user's system by tricking them into opening a malicious file, leading to remote code execution (RCE). It affects users of Rexroth IndraWorks software, potentially compromising industrial control systems. Exploitation requires user interaction, such as opening a manipulated file.
💻 Affected Systems
- Rexroth IndraWorks
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise, enabling attackers to take control of the industrial control system, disrupt operations, steal sensitive data, or cause physical damage.
Likely Case
Local code execution on the affected system, allowing attackers to install malware, exfiltrate data, or pivot to other network resources.
If Mitigated
Limited impact if proper security controls like file restrictions, user training, and network segmentation are in place, reducing the chance of successful exploitation.
🎯 Exploit Status
Exploitation depends on user interaction; no public proof-of-concept known at this time, but the vulnerability is based on deserialization flaws (CWE-502), which are commonly exploited.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions.
Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-591522.html
Restart Required: Yes
Instructions:
1. Review the vendor advisory at the provided URL.
2. Identify affected versions of Rexroth IndraWorks.
3. Apply the official patch or update to a fixed version as recommended by Bosch Rexroth.
4. Restart the system to ensure changes take effect.
🔧 Temporary Workarounds
Restrict File Execution
Platform: Windows
Limit users' ability to open untrusted files by implementing application whitelisting or file extension restrictions.
Use Group Policy or security software to block execution of suspicious file types associated with Rexroth IndraWorks.
User Awareness Training
Platform: all
Educate users on the risks of opening unknown or unexpected files, especially in industrial environments.
Conduct training sessions and distribute guidelines on safe file handling practices.
🧯 If You Can't Patch
- Implement network segmentation to isolate Rexroth IndraWorks systems from critical networks, reducing lateral movement risk.
- Deploy endpoint detection and response (EDR) tools to monitor for suspicious file activities and block malicious processes.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of Rexroth IndraWorks against the vendor advisory to see if it falls within the affected range.
Check Version:
Consult Rexroth IndraWorks documentation or system properties for version information; specific command may vary by installation.
Verify Fix Applied:
After applying the patch, verify the software version has been updated to a non-vulnerable release as specified in the vendor advisory.
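The three verification steps above come down to one comparison: installed version versus the fixed version named in the Bosch advisory. The following is an added example, not part of this advisory or of any Bosch Rexroth tooling. It reads the Windows Uninstall registry entries for products whose display name contains "IndraWorks" and compares their version numerically, which avoids the common mistake of comparing version strings textually ("14.9" sorts after "14.10" as text). FIXED_VERSION is a placeholder that must be replaced with the value from BOSCH-SA-591522; the registry key paths are the standard Windows Uninstall locations, and the enumeration simply returns nothing on non-Windows hosts.

```python
"""Added example (not from the advisory): compare an installed IndraWorks
version against the fixed version published in the vendor advisory."""
import re
import sys

# PLACEHOLDER: replace with the fixed version stated in BOSCH-SA-591522.
FIXED_VERSION = "0.0.0"

# Standard Windows Uninstall key locations (64-bit and 32-bit views).
UNINSTALL_PATHS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)


def parse_version(text):
    """Turn '14.10.2' into (14, 10, 2) so comparison is numeric, not textual."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version found in {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when installed < fixed. Shorter tuples are zero-padded, so
    '14.10' and '14.10.0' compare equal."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_indraworks_entries():
    """Enumerate Uninstall keys and return [(DisplayName, DisplayVersion), ...]
    for products whose name contains 'indraworks'. Empty list off Windows."""
    if sys.platform != "win32":
        return []
    import winreg  # only available on Windows
    found = []
    for path in UNINSTALL_PATHS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        with root:
            index = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                try:
                    with winreg.OpenKey(root, sub) as key:
                        name = str(winreg.QueryValueEx(key, "DisplayName")[0])
                        version = str(winreg.QueryValueEx(key, "DisplayVersion")[0])
                except OSError:
                    continue  # entry without name/version values
                if "indraworks" in name.lower():
                    found.append((name, version))
    return found


if __name__ == "__main__":
    entries = find_indraworks_entries()
    if not entries:
        print("No IndraWorks entries found (or not running on Windows).")
    for name, version in entries:
        state = "VULNERABLE" if is_vulnerable(version) else "fixed"
        print(f"{name} {version}: {state} (fixed version {FIXED_VERSION})")
```

Run it before and after patching: the "VULNERABLE" verdict should disappear once the installed version is at or above the advisory's fixed release. Because the advisory may list several affected product lines, check each returned entry rather than stopping at the first.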
📡 Detection & Monitoring
Log Indicators:
- Unusual file access or execution events in Rexroth IndraWorks logs, unexpected process creations, or error messages related to deserialization.
Network Indicators:
- Suspicious outbound connections from the system post-file opening, indicating potential command and control activity.
SIEM Query:
Example (field names and the process name are placeholders; adjust to your log sources and SIEM query language): 'source="Rexroth IndraWorks" AND (event_type="file_open" OR process_name="malicious.exe")'
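The log and network indicators above are easier to act on when they are correlated rather than searched for separately: a process spawned by the IndraWorks host process that is not part of its normal baseline, followed shortly by an outbound connection from that same process, is a much stronger signal than either event alone. The following is an added detection example, not code from this advisory, from Bosch Rexroth, or from any SIEM vendor. It runs two rules over constructed JSON-lines endpoint telemetry (a simplified stand-in for Sysmon or EDR process-creation and network-connection events). The executable name in INDRAWORKS_PROCESS and the baseline in EXPECTED_CHILDREN are assumptions that must be replaced with values observed on a clean reference installation; the sample events, hostnames and addresses are constructed.

```python
"""Added detection example (not from the advisory): correlate an unexpected
child process of IndraWorks with a subsequent outbound connection."""
import json
from datetime import datetime, timedelta

INDRAWORKS_PROCESS = "indraworks.exe"   # ASSUMPTION: confirm on a reference install
EXPECTED_CHILDREN = {"conhost.exe"}     # ASSUMPTION: baseline from a clean install
CORRELATION_WINDOW = timedelta(seconds=60)

# Constructed sample telemetry, not real logs. Addresses are from RFC 5737 test ranges.
SAMPLE_LOG = """\
{"ts": "2025-01-01T10:00:00", "type": "process_create", "pid": 100, "image": "IndraWorks.exe", "ppid": 1, "parent_image": "explorer.exe"}
{"ts": "2025-01-01T10:00:05", "type": "process_create", "pid": 101, "image": "conhost.exe", "ppid": 100, "parent_image": "IndraWorks.exe"}
{"ts": "2025-01-01T10:00:10", "type": "process_create", "pid": 102, "image": "powershell.exe", "ppid": 100, "parent_image": "IndraWorks.exe"}
{"ts": "2025-01-01T10:00:20", "type": "network_connect", "pid": 102, "image": "powershell.exe", "dest": "203.0.113.7:443"}
{"ts": "2025-01-01T10:05:00", "type": "network_connect", "pid": 100, "image": "IndraWorks.exe", "dest": "192.0.2.10:5000"}
{"ts": "2025-01-01T10:07:00", "type": "process_create", "pid": 200, "image": "powershell.exe", "ppid": 7, "parent_image": "explorer.exe"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts'; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            event["ts"] = datetime.fromisoformat(event["ts"])
        except (ValueError, KeyError):
            continue  # bad telemetry must not crash the detector
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def unexpected_children(events):
    """Rule 1: a process spawned by IndraWorks whose image is not in the baseline."""
    alerts = []
    for event in events:
        if event.get("type") != "process_create":
            continue
        if event.get("parent_image", "").lower() != INDRAWORKS_PROCESS:
            continue
        if event["image"].lower() in EXPECTED_CHILDREN:
            continue
        alerts.append({"rule": "unexpected_child", "pid": event["pid"],
                       "image": event["image"], "ts": event["ts"].isoformat()})
    return alerts


def outbound_from_children(events, child_alerts):
    """Rule 2: a flagged child opens an outbound connection within the window."""
    spawned_at = {a["pid"]: datetime.fromisoformat(a["ts"]) for a in child_alerts}
    alerts = []
    for event in events:
        if event.get("type") != "network_connect" or event.get("pid") not in spawned_at:
            continue
        if timedelta(0) <= event["ts"] - spawned_at[event["pid"]] <= CORRELATION_WINDOW:
            alerts.append({"rule": "child_outbound", "pid": event["pid"],
                           "image": event["image"], "dest": event["dest"],
                           "ts": event["ts"].isoformat()})
    return alerts


def detect(text):
    """Run both rules and return the combined alert list."""
    events = parse_events(text)
    child_alerts = unexpected_children(events)
    return child_alerts + outbound_from_children(events, child_alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample data the detector raises two alerts for pid 102 (the unexpected child and its outbound connection) and stays silent on the conhost child, on IndraWorks' own connection, and on a PowerShell instance launched from Explorer. The second rule keys on pid, which real telemetry can reuse after a process exits; in production, correlate on a process GUID if your sensor provides one, and keep the correlation window short for the same reason.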