Deserialization Vulnerability in ILIAS Product by ILIAS e-Learning
CVE-2025-11345

5.1MEDIUM

Key Information:

Vendor

ILIAS e-Learning

Status
Ilias
Vendor
CVE Published:
6 October 2025

What is CVE-2025-11345?

A deserialization flaw has been identified in the ILIAS e-Learning platform, specifically in the Test Import function. This vulnerability allows an attacker to manipulate the unserialize function, which can be exploited remotely. The flaw affects ILIAS versions up to 8.23, 9.13, and 10.1. Users are strongly advised to upgrade to ILIAS versions 8.24, 9.14, or 10.2 to mitigate this issue and safeguard their systems from potential exploits.

Affected Version(s)

ILIAS 8.0

ILIAS 8.1

ILIAS 8.2

References

https://vuldb.com/?id.327230
vdb-entrytechnical-description
https://vuldb.com/?ctiid.327230
signaturepermissions-required
https://vuldb.com/?submit.664891
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rehme_srlabs (VulDB User)
JSON
.
CVE-2025-11345 : Deserialization Vulnerability in ILIAS Product by ILIAS e-Learning