Nexeed
    • Introduction
    • Release notes
      • 2025.03.00
        • RC2
        • RC1
      • 2025.02.01
        • SP10
        • SP9
        • SP8
        • SP7
        • SP6
        • SP5
        • SP3
        • SP2
        • SP1
      • 2025.02.00
        • SP25
        • SP24
        • SP23
        • SP22
        • SP21
        • SP20
        • SP19
        • SP18
        • SP17
        • SP16
        • SP15
        • SP14
        • SP13
        • SP12
        • SP11
        • SP10
        • SP9
        • SP8
        • SP7
        • SP6
        • SP5
        • SP4
        • SP3
        • SP2
        • SP1
    • Getting started
      • Getting access
      • Login
      • Main screen
      • Welcome dashboard
      • Detecting process anomalies
      • Analyzing data and detecting event sequences
      • Analyzing KPIs
    • How-tos
      • Monitors on production lines
        • Configuring the automatic login in the Nexeed Industrial Application System
        • Configuring the automatic login to the identity provider with the Windows user
        • Setting cookies in the browser
        • Configuring the automatic logout in the Nexeed Industrial Application System
        • Configuring the command line parameters in the browser
        • Known limitations and troubleshooting
      • Try out the APIs
    • Integration guide
      • Underlying concepts
        • Underlying concepts
        • Onboarding
        • Security
        • Communication
      • Integration journey
      • Example integrations
        • Node-RED
        • Power BI
      • Overview of APIs
    • Operations manual
      • Release
      • System architecture and interfaces
      • System requirements
        • Cluster requirements
        • Database requirements
        • Support for service meshes
      • Migration from previous Nexeed IAS versions
      • Setup and configuration
        • Deployment process
        • Deployment with Helm
        • Advanced configuration
        • Integrations with external secret management solutions
        • Context paths
        • Service accounts and authorizations
        • Validation tests
        • Setup click once
        • Database user setup and configuration
      • Start and shutdown
      • Regular operations
        • User management & authentication
        • How to add additional tenants
        • How to access the cluster and pods
        • Automatic module role assignments in customer tenants
        • User credentials rotation - database and messaging secrets
      • Failure handling
        • Failure handling guidelines
        • Ansible operator troubleshooting
        • How to reach BCI for unresolved issues
      • Backup and restore
      • Logging and monitoring
        • The concept and conventions
        • ELK stack
        • ELK configurations aspects for beats
        • Proxy setup for ELK
        • Health endpoints configurations
      • Known limitations
      • Supporting functions
      • Security recommendations
        • Kubernetes
        • Security Best Practices for Databases
        • Certificates
        • Threat detection tools
    • Infrastructure manual
      • Release
      • System architecture and interfaces
        • RabbitMQ version support
      • System requirements
      • Migration from previous Nexeed infrastructure versions
      • Setup and configuration
        • Deployment process of the Nexeed infrastructure Helm chart
        • Deployment with Helm
      • Start and shutdown
      • Regular operations
        • RabbitMQ
          • User management & authentication
          • Disk size change
          • Upgrade performance with high performant disk type
          • Pod management policy
      • Failure handling
        • Connection failures
        • Data safety on the RabbitMQ side
        • Fix RabbitMQ cluster partitions
        • Delete unsynchronized RabbitMQ queues
        • How to reach BCI for unresolved issues
      • Backup and restore
      • Logging and monitoring
      • Known limitations
    • Training
    • Glossary
    • Further information and contact
Industrial Application System
  • Industrial Application System
  • Core Services
    • Block Management
    • Deviation Processor
    • ID Builder
    • Multitenant Access Control
    • Notification Service
    • Ticket Management
    • Web Portal
  • Shopfloor Management
    • Andon Live
    • Global Production Overview
    • KPI Reporting
    • Operational Routines
    • Shift Book
    • Shopfloor Management Administration
  • Product & Quality
    • Product Setup Management
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
    • Order Management
    • Packaging Control
    • Rework Control
  • Intralogistics
    • Stock Management
    • Transport Management
  • Machine & Equipment
    • Condition Monitoring
    • Device Portal
    • Maintenance Management
    • Tool Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • Data Publisher
    • Engineering UI
    • ERP Connectivity
    • Gateway
    • Information Router
    • Master Data Management
    • Orchestrator

Nexeed Learning Portal
  • Industrial Application System
  • Release notes
  • 2025.02.01
  • SP5
preview 2026.01.00 2025.03.00

2025.02.01 SP5

Date:

23.10.2025
Change classification:

1 - Minor impact
Helm chart:

202502.1.5-rev1

Important Note - Delivery Schedule

  • Helm charts are already published

  • MESPKGs will be delivered delayed on Oct. 24, 2025

  • MESPKGs also available since Oct 24, 2025 10:55 CEST

Maintenance Management 2.5.1

Change classification:

1 - Minor impact
Artifacts:

mm:2.5.1-rev1

Fixed

  • Fix CVE-2025-55315 (555332)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Tool Management 2.11.3

Change classification:

1 - Minor impact
Artifacts:

toma:2.11.3-rev1

Fixed

  • Fix CVE-2025-55315 (555333)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

AGV Transport Orders 6.1.1

Change classification:

1 - Minor impact
Artifacts:

ies:6.1.1-rev1
iesedge:6.1.1-rev1

Changed

  • Updated translations for various languages
    Updated languages: FR (552391)

Fixed

  • ACKs fail during RabbitMQ Restart which results in events potentially being processed twice
    Enhanced handling of RabbitMQ connection losses to ensure acknowledgments are properly sent and events are processed only once, even during RabbitMQ restarts (552899)

  • Fixed CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555479)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Andon 2502.0.5

Change classification:

1 - Minor impact
Artifacts:

smessentials:2502.0.5-rev1

Fixed

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555446)

  • Outdated token prevents break sound after 5 minutes (547740)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Archiving Bridge 3.1.3

Change classification:

1 - Minor impact
Artifacts:

archivingbridge:3.1.3-rev1

Fixed

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability (555811)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Block Management 2.3.3

Change classification:

1 - Minor impact
Artifacts:

blockman:2.3.3-rev1

Fixed

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555161)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

DataPublisher 2.7.1

Change classification:

1 - Minor impact
Artifacts:

datapublisher:2.7.1-rev1

Fixed

  • Fixed CVE-2025-55315

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Deviation Processor 1.13.1

Change classification:

1 - Minor impact
Artifacts:

smdp:1.13.1-rev1

Fixed

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555159)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Engineering 2.2.3

Change classification:

1 - Minor impact
Artifacts:

engineering:2.2.3-rev1

Fixed

  • Fixed CVE-2025-55315

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Global Production Overview 5.9.1

Change classification:

1 - Minor impact
Artifacts:

gpo:5.9.1-rev1

General notes

  • "ReplicatedShift 2.0.0" Schema published to Datapublisher was replaced with version 2.1.0

Fixed

  • Add missing attribute "COUNT_ALL_PROCESSES" (554056)

  • Duplicate shifts are not skipped (551326)

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555446)

  • Replication stops if source data is invalid even though valid data is present for IAS source system in the future (546534)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

ID Builder 3.8.1

Change classification:

1 - Minor impact
Artifacts:

idbuilder:3.8.1-rev1

Fixed

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555160)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

KPI Reporting 2502.0.5

Change classification:

1 - Minor impact
Artifacts:

smessentials:2502.0.5-rev1

Fixed

  • Time templates are missing in some widgets (552633)

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555446)

  • Downtimes are always shown in English (551325)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Line Control 5.2.1

Change classification:

1 - Minor impact
Artifacts:

linecon:5.2.1-rev3
lineasm:5.2.1-rev3

Fixed

  • Batch is not returned in ProcessRequest command (553192)

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555223)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Master Data Management 8.9.1

Change classification:

1 - Minor impact
Artifacts:

mmpd:8.9.1-rev1

Fixed

  • Error definition import doesn’t work on Buel P (553445)

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability (555710)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Material Management 3.11.2

Change classification:

1 - Minor impact
Artifacts:

mat:3.11.2-rev1
MatControl_3.11.25259.02_MatClimateControl.mespkg
MatControl_3.11.25259.02_MaterialInfoPanel.mespkg

Fixed

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555053)

  • ServiceClients: Some Patch calls via the ServiceClients fail with BadRequest on nginx (549690)

  • Using pure MES fails to start services after updating database to 3.x
    HybridMode (554119)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Notification Service 1.30.1

Change classification:

1 - Minor impact
Artifacts:

notification:1.30.1-rev1

Fixed

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Operational Routines 2502.0.3

Change classification:

1 - Minor impact
Artifacts:

smor:2502.0.3-rev1

Fixed

  • Fix default roles regarding dashboard and meeting privileges (548027)

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555446)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Orchestrator 2.0.2

Change classification:

1 - Minor impact
Artifacts:

orchestrator:2.0.2-rev1

Fixed

  • Fixed CVE-2025-55315

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Part Traceability 2.7.3

Change classification:

1 - Minor impact
Artifacts:

parttrace:2.7.3-rev2

Fixed

  • DataCollector: Telegram is stuck in the TRANSFER_QUEUE after it was inserted into both QDB OLTP and QDB OLAP (548272)

  • ASP.NET Security Feature Bypass Vulnerability CVE-2025-55315 (554911)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Known issues

  • DataBrowser RDS endpoints do not properly work (456005)

  • Archiving bridge stops exporting when invalid data is in the part telegrams table (467100)

  • Archiving bridge adapter export job does not limit query on part telegrams (467101)

  • No Data is sent to Data Publisher (479323)

  • Part Protocol does not show not packed part if too many rows (549838)

Product Setup Management 3.13.1

Change classification:

1 - Minor impact
Artifacts:

psm:3.13.1-rev2
ProductSetupManagement_3.13.25295.03_Client.mespkg

Fixed

  • CVE-2025-55315
    Microsoft ASP.NET Core Security Bypass Vulnerability

Security

  • CVE-2025-55315: Microsoft ASP.NET Core Security Bypass Vulnerability

Rework Control 6.3.3

Change classification:

1 - Minor impact
Artifacts:

rework:6.3.3-rev2
Rework_6.3.25289.01_Release_Client.mespkg

Fixed

  • Rework Client - Unknown LocationResultState 11 (545655)

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555608)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Setup Specs 1.8.2

Change classification:

1 - Minor impact
Artifacts:

specs:1.8.2-rev2

Fixed

  • CVE-2025-55315
    Microsoft ASP.NET Core Security Bypass Vulnerability (555343)

  • Automated DAT file export to fileshare via orchestrator (554714)

Security

  • CVE-2025-55315: Microsoft ASP.NET Core Security Bypass Vulnerability

Shift Book 2502.0.5

Change classification:

1 - Minor impact
Artifacts:

smessentials:2502.0.5-rev1

Fixed

  • Downtime Causes: Different behavior between web view and CSV export and return always full tree (448170)

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555446)

  • Add missing attribute "COUNT_ALL_PROCESSES" (552439)

  • Improve handling of faulty data for GPO Replication (546760)

  • Prevent Quorum Queue migration from executing multiple times (554023)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Stock Management 6.1.1

Change classification:

1 - Minor impact
Artifacts:

ies:6.1.1-rev1
iesedge:6.1.1-rev1

Changed

  • Updated translations for various languages
    Updated languages: FR (552391)

  • Change color for blocked unitloads in supermarket view
    Introduced another grey tone for blocked unitloads to make it more distinguishable from reservations (553083)

Fixed

  • ACKs fail during RabbitMQ Restart which results in events potentially being processed twice
    Enhanced handling of RabbitMQ connection losses to ensure acknowledgments are properly sent and events are processed only once, even during RabbitMQ restarts (552899)

  • Pick of unspecific unit load results in removal of specific pick reservation
    Fixed the display issue causing pick reservations to disappear in the supermarket when unit loads move into pick position, ensuring reservations remain visible and intact (554053)

  • Unit load info migration of StockProperties (Defect <v6.1>)
    Fixed the migration process to correctly deserialize StockProperties as a structured document instead of a string, eliminating errors when fetching unit load stock after upgrade to version 6.1 (554177)

  • Fixed CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555479)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Transport Management 6.1.1

Change classification:

1 - Minor impact
Artifacts:

ies:6.1.1-rev1
iesedge:6.1.1-rev1

Changed

  • Add collector property for string values to attach customer specific information to TransportOrders and TransportMovements
    Store generic custom information to a TO or a TM, in order to have this information available when a transport movement gets completed (553919)

  • Updated translations for various languages
    Updated languages: FR (552391)

Fixed

  • Material Delivery: Consider "turn on spot" capability of vehicle type to calculate correct route for drive to station map
    Route planning now accurately considers the 'turn on spot' capability of vehicle types, preventing incorrect turn instructions and ensuring correct driving times between stations. Defect 1556, TOMDESIGN-15180 (278497)

  • Memory usage — TMentity-service
    Reduced memory consumption in the Transport Movement entity service to operate efficiently within allocated limits (550334)

  • Wrong S/4 custom defaults provided
    Updated TransportOrderupdate_S4 rules to include only S/4 relevant defaults, eliminating confusion caused by mixed S/4 and R/3 settings (552564)

  • Milkrun app shows "completed" as error message after tour request when no TMs are there
    The Milkrun app now shows the correct 'No transport movements available for this tour' message instead of an error when no transport movements exist for a requested tour. TOMDESIGN-15284 (552796)

  • ACKs fail during RabbitMQ Restart which results in events potentially being processed twice
    Enhanced handling of RabbitMQ connection losses to ensure acknowledgments are properly sent and events are processed only once, even during RabbitMQ restarts (552899)

  • TourPlanningService takes too long to plan tours with a lot of (>100) movements
    TourPlanningService now avoids unnecessary back-fetches of tour movements, reducing load on the entity service and database. This significantly improves tour planning performance for tours with many movements (552934)

  • A misconfigured Tenant can render TourPlanning unhealthy for all tenants
    TourPlanning now manages cache locks separately for each tenant, preventing delays or failures in one tenant’s cache loading from affecting other tenants (554760)

  • Fixed CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 (555479)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Web Portal 5.23.1

Change classification:

1 - Minor impact
Artifacts:

portal:5.23.1-rev2

Fixed

  • CVE-2025-55315
    ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9 IAS (555158)

Security

  • CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability, CVE Score 9.9

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses