{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-11344", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-10-06T06:15:32.695Z", "datePublished": "2025-10-06T18:32:05.924Z", "dateUpdated": "2025-10-07T10:04:33.324Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-07T10:04:33.324Z"}, "title": "ILIAS Certificate Import code injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "n/a", "product": "ILIAS", "versions": [{"version": "8.0", "status": "affected"}, {"version": "8.1", "status": "affected"}, {"version": "8.2", "status": "affected"}, {"version": "8.3", "status": "affected"}, {"version": "8.4", "status": "affected"}, {"version": "8.5", "status": "affected"}, {"version": "8.6", "status": "affected"}, {"version": "8.7", "status": "affected"}, {"version": "8.8", "status": "affected"}, {"version": "8.9", "status": "affected"}, {"version": "8.10", "status": "affected"}, {"version": "8.11", "status": "affected"}, {"version": "8.12", "status": "affected"}, {"version": "8.13", "status": "affected"}, {"version": "8.14", "status": "affected"}, {"version": "8.15", "status": "affected"}, {"version": "8.16", "status": "affected"}, {"version": "8.17", "status": "affected"}, {"version": "8.18", "status": "affected"}, {"version": "8.19", "status": "affected"}, {"version": "8.20", "status": "affected"}, {"version": "8.21", "status": "affected"}, {"version": "8.22", "status": "affected"}, {"version": "8.23", "status": "affected"}, {"version": "9.0", "status": "affected"}, {"version": "9.1", "status": "affected"}, {"version": "9.2", "status": "affected"}, {"version": "9.3", "status": "affected"}, {"version": "9.4", "status": "affected"}, {"version": "9.5", "status": "affected"}, {"version": "9.6", "status": "affected"}, {"version": "9.7", "status": "affected"}, {"version": "9.8", "status": "affected"}, {"version": "9.9", "status": "affected"}, {"version": "9.10", "status": "affected"}, {"version": "9.11", "status": "affected"}, {"version": "9.12", "status": "affected"}, {"version": "9.13", "status": "affected"}, {"version": "10.0", "status": "affected"}, {"version": "10.1", "status": "affected"}, {"version": "8.24", "status": "unaffected"}, {"version": "9.14", "status": "unaffected"}, {"version": "10.2", "status": "unaffected"}], "modules": ["Certificate Import Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in ILIAS up to 8.23/9.13/10.1 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Komponente Certificate Import Handler. Durch das Manipulieren mit unbekannten Daten kann eine Remote Code Execution-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Das Aktualisieren auf Version 8.24, 9.14 and 10.2 kann dieses Problem l\u00f6sen. Die Aktualisierung der betroffenen Komponente wird empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-10-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-10-06T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-10-07T12:09:15.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "rehme_srlabs (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "rehme_srlabs (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.327229", "name": "VDB-327229 | ILIAS Certificate Import code injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.327229", "name": "VDB-327229 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.664889", "name": "Submit #664889 | ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Unrestricted Upload", "tags": ["third-party-advisory"]}, {"url": "https://docu.ilias.de/go/blog/15821/882", "tags": ["related"]}], "tags": ["x_open-source"]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T19:30:49.329389Z", "id": "CVE-2025-11344", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T19:31:55.598Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11344", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T19:30:49.329389Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T19:31:29.590Z"}}], "cna": {"tags": ["x_open-source"], "title": "ILIAS Certificate Import Remote Code Execution", "credits": [{"lang": "en", "type": "reporter", "value": "rehme_srlabs (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["Certificate Import Handler"], "product": "ILIAS", "versions": [{"status": "affected", "version": "8.0"}, {"status": "affected", "version": "8.1"}, {"status": "affected", "version": "8.2"}, {"status": "affected", "version": "8.3"}, {"status": "affected", "version": "8.4"}, {"status": "affected", "version": "8.5"}, {"status": "affected", "version": "8.6"}, {"status": "affected", "version": "8.7"}, {"status": "affected", "version": "8.8"}, {"status": "affected", "version": "8.9"}, {"status": "affected", "version": "8.10"}, {"status": "affected", "version": "8.11"}, {"status": "affected", "version": "8.12"}, {"status": "affected", "version": "8.13"}, {"status": "affected", "version": "8.14"}, {"status": "affected", "version": "8.15"}, {"status": "affected", "version": "8.16"}, {"status": "affected", "version": "8.17"}, {"status": "affected", "version": "8.18"}, {"status": "affected", "version": "8.19"}, {"status": "affected", "version": "8.20"}, {"status": "affected", "version": "8.21"}, {"status": "affected", "version": "8.22"}, {"status": "affected", "version": "8.23"}, {"status": "affected", "version": "9.0"}, {"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.2"}, {"status": "affected", "version": "9.3"}, {"status": "affected", "version": "9.4"}, {"status": "affected", "version": "9.5"}, {"status": "affected", "version": "9.6"}, {"status": "affected", "version": "9.7"}, {"status": "affected", "version": "9.8"}, {"status": "affected", "version": "9.9"}, {"status": "affected", "version": "9.10"}, {"status": "affected", "version": "9.11"}, {"status": "affected", "version": "9.12"}, {"status": "affected", "version": "9.13"}, {"status": "affected", "version": "10.0"}, {"status": "affected", "version": "10.1"}, {"status": "unaffected", "version": "8.24"}, {"status": "unaffected", "version": "9.14"}, {"status": "unaffected", "version": "10.2"}]}], "timeline": [{"lang": "en", "time": "2025-10-06T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-10-06T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-10-06T08:20:51.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.327229", "name": "VDB-327229 | ILIAS Certificate Import Remote Code Execution", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.327229", "name": "VDB-327229 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.664889", "name": "Submit #664889 | ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Unrestricted Upload", "tags": ["third-party-advisory"]}, {"url": "https://docu.ilias.de/go/blog/15821/882", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in ILIAS up to 8.23/9.13/10.1 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Komponente Certificate Import Handler. Durch das Manipulieren mit unbekannten Daten kann eine Remote Code Execution-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Das Aktualisieren auf Version 8.24, 9.14 and 10.2 kann dieses Problem l\u00f6sen. Die Aktualisierung der betroffenen Komponente wird empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Remote Code Execution"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-06T18:32:05.924Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11344", "state": "PUBLISHED", "dateUpdated": "2025-10-06T19:31:55.598Z", "dateReserved": "2025-10-06T06:15:32.695Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-10-06T18:32:05.924Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ilias:ilias:8.23:*:*:*:*:*:*:*", "matchCriteriaId": "58F9FBA3-89C9-4EC7-9913-770F9C71A569", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilias:ilias:9.13:*:*:*:*:*:*:*", "matchCriteriaId": "BE5461D9-97C8-4DEE-8E3D-AAEE8840A209", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilias:ilias:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4E16B93-654E-47D4-A498-C759D1F4B1EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component."}], "id": "CVE-2025-11344", "lastModified": "2025-10-14T19:02:34.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-10-06T19:15:34.523", "references": [{"source": "cna@vuldb.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docu.ilias.de/go/blog/15821/882"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.327229"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.327229"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.664889"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}