PT-2025-40943 · Ilias · Ilias
Rehme_Srlabs · Published 2025-10-06 · Updated 2025-10-06
CVE-2025-11346
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ILIAS versions prior to 8.24
ILIAS versions prior to 9.14
ILIAS versions prior to 10.2
Description
A flaw exists in ILIAS related to the unserialize function within the Base64 Decoding Handler component. Manipulation of the f settings argument can lead to deserialization, potentially allowing remote attackers to exploit the system.
Recommendations
Upgrade to ILIAS version 8.24 or later.
Upgrade to ILIAS version 9.14 or later.
Upgrade to ILIAS version 10.2 or later.
Fix
Deserialization of Untrusted Data
RCE
Related Identifiers
Affected Products
Ilias