ILIAS Test Import unserialize deserialization_CVE-2025-11345

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.

Basic Information

ID CVE-2025-11345

Source VulDB

Published Oct 6, 2025 at 19:02

Modified Oct 6, 2025 at 19:35

Affected Product

Vendor n/a

Product ILIAS

Version 8.0

Affected Versions n/a ILIAS 8.0
n/a ILIAS 8.1
n/a ILIAS 8.2
n/a ILIAS 8.3
n/a ILIAS 8.4
n/a ILIAS 8.5
n/a ILIAS 8.6
n/a ILIAS 8.7
n/a ILIAS 8.8
n/a ILIAS 8.9
n/a ILIAS 8.10
n/a ILIAS 8.11
n/a ILIAS 8.12
n/a ILIAS 8.13
n/a ILIAS 8.14
n/a ILIAS 8.15
n/a ILIAS 8.16
n/a ILIAS 8.17
n/a ILIAS 8.18
n/a ILIAS 8.19
n/a ILIAS 8.20
n/a ILIAS 8.21
n/a ILIAS 8.22
n/a ILIAS 8.23
n/a ILIAS 9.0
n/a ILIAS 9.1
n/a ILIAS 9.2
n/a ILIAS 9.3
n/a ILIAS 9.4
n/a ILIAS 9.5
n/a ILIAS 9.6
n/a ILIAS 9.7
n/a ILIAS 9.8
n/a ILIAS 9.9
n/a ILIAS 9.10
n/a ILIAS 9.11
n/a ILIAS 9.12
n/a ILIAS 9.13
n/a ILIAS 10.0
n/a ILIAS 10.1

CWE Classification

CWE-502 CWE-20

References

{
    "lastseen": "",
    "description": "A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.",
    "published": "2025-10-06T19:02:05.514Z",
    "modified": "2025-10-06T19:35:49.946Z",
    "type": "cve",
    "title": "ILIAS Test Import unserialize deserialization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327230\nhttps://vuldb.com/?ctiid.327230\nhttps://vuldb.com/?submit.664891\nhttps://docu.ilias.de/go/blog/15821/882",
    "id": "CVE-2025-11345",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "n/a ILIAS 8.0\nn/a ILIAS 8.1\nn/a ILIAS 8.2\nn/a ILIAS 8.3\nn/a ILIAS 8.4\nn/a ILIAS 8.5\nn/a ILIAS 8.6\nn/a ILIAS 8.7\nn/a ILIAS 8.8\nn/a ILIAS 8.9\nn/a ILIAS 8.10\nn/a ILIAS 8.11\nn/a ILIAS 8.12\nn/a ILIAS 8.13\nn/a ILIAS 8.14\nn/a ILIAS 8.15\nn/a ILIAS 8.16\nn/a ILIAS 8.17\nn/a ILIAS 8.18\nn/a ILIAS 8.19\nn/a ILIAS 8.20\nn/a ILIAS 8.21\nn/a ILIAS 8.22\nn/a ILIAS 8.23\nn/a ILIAS 9.0\nn/a ILIAS 9.1\nn/a ILIAS 9.2\nn/a ILIAS 9.3\nn/a ILIAS 9.4\nn/a ILIAS 9.5\nn/a ILIAS 9.6\nn/a ILIAS 9.7\nn/a ILIAS 9.8\nn/a ILIAS 9.9\nn/a ILIAS 9.10\nn/a ILIAS 9.11\nn/a ILIAS 9.12\nn/a ILIAS 9.13\nn/a ILIAS 10.0\nn/a ILIAS 10.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ILIAS",
    "version": "8.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}