PT-2026-20412 · Rexroth · Ua.Testclient
Published: 2026-02-18 · Updated: 2026-02-19
CVE-2025-60036
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rexroth IndraWorks UA.Testclient versions prior to 15V24
Description
A flaw in the UA.Testclient utility, included with Rexroth IndraWorks, allows an attacker to execute arbitrary code on a user's system. The flaw is triggered when the application parses a manipulated file containing malicious serialized data. Exploitation requires user interaction: the user must open a specially crafted file. Opening the file causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE) and potentially a complete system compromise.
Recommendations
Update Rexroth IndraWorks UA.Testclient to version 15V24 or later.
Fix
Deserialization of Untrusted Data
Affected Products
Rexroth Indraworks
Ua.Testclient