CVE-2025-11345
Published: 06 October 2025
Summary
CVE-2025-11345 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Ilias Ilias. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely flaw remediation by upgrading ILIAS to patched versions 8.24, 9.14, or 10.2 to eliminate the deserialization vulnerability.
Requires validation of all inputs to the Test Import unserialize function, addressing CWE-20 improper input validation and preventing processing of malicious serialized data.
Ensures vulnerability scanning and monitoring identifies the deserialization flaw in ILIAS Test Import for prompt detection and patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Deserialization vulnerability (CWE-502) in the public-facing ILIAS LMS Test Import component enables remote exploitation of a web application with low privileges and user interaction.
NVD Description
A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14…
more
and 10.2 can resolve this issue. Upgrading the affected component is advised.
Deeper analysisAI
CVE-2025-11345 is a deserialization vulnerability in the unserialize function of the Test Import component within ILIAS learning management system versions up to 8.23, 9.13, and 10.1. The flaw stems from improper input validation (CWE-20) and deserialization of untrusted data (CWE-502), allowing malicious serialized objects to be processed. It was published on 2025-10-06 and carries a CVSS v3.1 base score of 5.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L), indicating medium severity with network accessibility and low complexity.
Exploitation requires low privileges (PR:L), such as an authenticated user with access to the Test Import feature, and user interaction (UI:R) to process a crafted input remotely. Successful attacks can result in low-impact confidentiality, integrity, and availability effects, such as limited data exposure, modification, or denial of service on the targeted system.
Advisories recommend upgrading to ILIAS versions 8.24, 9.14, or 10.2 to resolve the issue, with upgrading the affected component advised as the primary mitigation. Relevant references include the official ILIAS documentation at https://docu.ilias.de/go/blog/15821/882, VulDB entries at https://vuldb.com/?ctiid.327230, https://vuldb.com/?id.327230, and https://vuldb.com/?submit.664891, and an SRLabs blog post at https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce detailing related ILIAS exploitation chains.
Details
- CWE(s)