A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00194.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Ilias
  • Ilias

Configuration 1 [-]

OR cpe:2.3:a:ilias:ilias:8.23:*:*:*:*:*:*:*
cpe:2.3:a:ilias:ilias:9.13:*:*:*:*:*:*:*
cpe:2.3:a:ilias:ilias:10.1:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Ilias
  • Ilias
References
Link Providers
https://docu.ilias.de/go/blog/15821/882 cve-icon cve-icon
https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce cve-icon
https://vuldb.com/?ctiid.327229 cve-icon cve-icon
https://vuldb.com/?id.327229 cve-icon cve-icon
https://vuldb.com/?submit.664889 cve-icon cve-icon
History

Fri, 23 Jan 2026 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 14 Oct 2025 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ilias:ilias:10.1:*:*:*:*:*:*:*
cpe:2.3:a:ilias:ilias:8.23:*:*:*:*:*:*:*
cpe:2.3:a:ilias:ilias:9.13:*:*:*:*:*:*:*

Wed, 08 Oct 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Ilias
Ilias ilias
Vendors & Products Ilias
Ilias ilias

Tue, 07 Oct 2025 10:15:00 +0000

Type Values Removed Values Added
Title ILIAS Certificate Import Remote Code Execution ILIAS Certificate Import code injection
Weaknesses CWE-74
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}

 cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

Mon, 06 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Oct 2025 18:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component.
Title ILIAS Certificate Import Remote Code Execution
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-01-23T18:23:44.521Z

Reserved: 2025-10-06T06:15:32.695Z

Link: CVE-2025-11344

cve-icon Vulnrichment

Updated: 2026-01-23T18:23:44.521Z

cve-icon NVD

Status : Modified

Published: 2025-10-06T19:15:34.523

Modified: 2026-01-23T19:15:51.993

Link: CVE-2025-11344

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-08T13:38:57Z