CVE-2025-10363 CRITICAL

CVE-2025-10363: Unauthenticated RCE via .NET Deserialization in Topal Finance Software

Vendor Topal Solutions Ag

Product Topal Finanzbuchhaltung

Weakness CWE-502 · Unsafe deserialization

Published October 6, 2025

Last update October 6, 2025

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Windows allows Remote Code Execution.This issue affects at least Topal Finanzbuchhaltung: 10.1.5.20 and is fixed in version 11.2.12.00

Key dates

02Disclosure timeline

October 6, 2025 CVE published

October 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10363

Related vulnerabilities

04Related CVE

CVE-2021-35218 Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2025-48780 Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data CVE-2021-39139 XStream is vulnerable to an Arbitrary Code Execution attack CVE-2025-47584 WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'

Identifiers

CVE CVE-2025-10363

CWE CWE-502

CVSS 10.0 / CRITICAL

Affected versions

Vendor Topal Solutions Ag

Product Topal Finanzbuchhaltung

Affected 10.1.5.20