CVE-2025-11344 · CRITICAL 9.8 · EPSS p36.3%

Description

A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. It affects an unknown functionality of the Certificate Import Handler component. Manipulation results in remote code execution. The attack can be performed remotely. Upgrading to version 8.24, 9.14 or 10.2 addresses this issue. It is recommended to upgrade the affected component.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.46% probability of exploitation · percentile 36.3% · 2026-06-19T12:03:05Z
Published: 2025-10-06
Last modified: 2026-01-23

Underlying weaknesses · 2

CWE-74, CWE-94

References

  1. https://docu.ilias.de/go/blog/15821/882
  2. https://vuldb.com/?ctiid.327229
  3. https://vuldb.com/?id.327229
  4. https://vuldb.com/?submit.664889
  5. https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 0% | live |
| Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-11345
  2. CVE-2025-11346
  3. CVE-2026-8992
  4. CVE-2025-23364
  5. CVE-2025-9712
  6. CVE-2025-22467

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.