← back
CVE-2025-11344

ILIAS Certificate Import code injection

CVSS 5.3 MEDIUMEPSS 0.5%CWE-74CWE-94
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Affected products
n/a · ILIAS