PT-2025-40942 · Ilias · Ilias
Rehme_Srlabs · Published 2025-10-06 · Updated 2025-10-06 · CVE-2025-11345
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ILIAS versions up to 8.23
ILIAS versions up to 9.13
ILIAS versions up to 10.1
Description
A deserialization flaw exists in the unserialize function of the Test Import component. It can be triggered remotely.
Recommendations
Upgrade to ILIAS version 8.24
Upgrade to ILIAS version 9.14
Upgrade to ILIAS version 10.2
Upgrade the affected Test Import component
Fix
Deserialization of Untrusted Data
RCE
Affected Products
Ilias