A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.
References
| Link | Resource |
|---|---|
| https://docu.ilias.de/go/blog/15821/882 | Release Notes Vendor Advisory |
| https://vuldb.com/?ctiid.327230 | Permissions Required VDB Entry |
| https://vuldb.com/?id.327230 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.664891 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
14 Oct 2025, 19:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ilias:ilias:9.13:*:*:*:*:*:*:* cpe:2.3:a:ilias:ilias:10.1:*:*:*:*:*:*:* cpe:2.3:a:ilias:ilias:8.23:*:*:*:*:*:*:* |
|
| First Time |
Ilias ilias
Ilias |
|
| References | () https://docu.ilias.de/go/blog/15821/882 - Release Notes, Vendor Advisory | |
| References | () https://vuldb.com/?ctiid.327230 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.327230 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.664891 - Third Party Advisory, VDB Entry |
06 Oct 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-06 19:15
Updated : 2025-10-14 19:21
NVD link : CVE-2025-11345
Mitre link : CVE-2025-11345
CVE.ORG link : CVE-2025-11345
JSON object : View
Products Affected
ilias
- ilias