CVE-2025-11345 MEDIUM

CVE-2025-11345: ILIAS Test Import unserialize deserialization

Vendor N/A
Product ILIAS
Weakness CWE-502 · Unsafe deserialization
Published October 6, 2025
Last update February 24, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.

Key dates

02Disclosure timeline

October 6, 2025 CVE published
February 24, 2026 Record updated