CVE-2025-11346
Last modified
CVE-2025-11346 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 is able to mitigate this issue. It is advisable to upgrade the affected component.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ilias | Ilias | 8.23 |
| Ilias | Ilias | 9.13 |
| Ilias | Ilias | 10.1 |
References
- https://vuldb.com/?ctiid.327231Permissions Required, VDB Entry
- https://vuldb.com/?id.327231Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.664892Third Party Advisory, VDB Entry
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2113Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-11346?
How severe is CVE-2025-11346?
How do I fix CVE-2025-11346?
Are you affected by CVE-2025-11346?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST