CVE-2025-11345

Sažetak

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.

Reference

https://docu.ilias.de/go/blog/15821/882
https://vuldb.com/?ctiid.327230
https://vuldb.com/?id.327230
https://vuldb.com/?submit.664891
https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

23-01-2026 - 19:15

Objavljeno

06-10-2025 - 19:15