Cyber Resilience

CVE-2025-11345

Medium

Published: 06 October 2025

Published
06 October 2025
Modified
23 January 2026
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 35.8th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-11345 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Ilias Ilias. Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-11345 is a deserialization vulnerability in the unserialize function of the Test Import component within ILIAS learning management system versions up to 8.23, 9.13, and 10.1. The flaw stems from improper input validation (CWE-20) and deserialization of untrusted data (CWE-502), allowing malicious serialized objects to be processed. It was published on 2025-10-06 and carries a CVSS v3.1 base score of 5.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L), indicating medium severity with network accessibility and low complexity.

Exploitation requires low privileges (PR:L), such as an authenticated user with access to the Test Import feature, and user interaction (UI:R) to process a crafted input remotely. Successful attacks can result in low-impact confidentiality, integrity, and availability effects, such as limited data exposure, modification, or denial of service on the targeted system.

Advisories recommend upgrading to ILIAS versions 8.24, 9.14, or 10.2 to resolve the issue, with upgrading the affected component advised as the primary mitigation. Relevant references include the official ILIAS documentation at https://docu.ilias.de/go/blog/15821/882, VulDB entries at https://vuldb.com/?ctiid.327230, https://vuldb.com/?id.327230, and https://vuldb.com/?submit.664891, and an SRLabs blog post at https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce detailing related ILIAS exploitation chains.

EU & UK References

Vulnerability details

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14…

more

and 10.2 can resolve this issue. Upgrading the affected component is advised.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Deserialization vulnerability (CWE-502) in the public-facing ILIAS LMS Test Import component enables remote exploitation of a web application with low privileges and user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-11344Same product: Ilias Ilias
CVE-2025-0465Shared CWE-20, CWE-502
CVE-2025-2376Shared CWE-20, CWE-502
CVE-2025-1113Shared CWE-20, CWE-502
CVE-2025-2689Shared CWE-20, CWE-502
CVE-2025-1177Shared CWE-20, CWE-502
CVE-2024-13136Shared CWE-20, CWE-502
CVE-2025-0734Shared CWE-20, CWE-502
CVE-2025-2855Shared CWE-20, CWE-502
CVE-2025-1186Shared CWE-20, CWE-502

Affected Assets

ilias
ilias
10.1, 8.23, 9.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely flaw remediation by upgrading ILIAS to patched versions 8.24, 9.14, or 10.2 to eliminate the deserialization vulnerability.

prevent

Requires validation of all inputs to the Test Import unserialize function, addressing CWE-20 improper input validation and preventing processing of malicious serialized data.

prevent

Ensures vulnerability scanning and monitoring identifies the deserialization flaw in ILIAS Test Import for prompt detection and patching.

References