CVE-2025-11344
Published: 06 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11344 is a remote code execution vulnerability affecting ILIAS, an open-source learning management system, in versions up to 8.23, 9.13, and 10.1. The issue resides in an unknown functionality of the Certificate Import Handler component, classified under CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-94 (Improper Control of Generation of Code). It was published on 2025-10-06 with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).
Unauthenticated attackers (PR:N) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L), but exploitation requires user interaction (UI:R), such as tricking a legitimate user into importing a malicious certificate. Successful exploitation enables remote code execution in the context of the affected component, with low impact on confidentiality, integrity, and availability (C:L/I:L/A:L) and no scope change (S:U).
Advisories recommend upgrading to ILIAS versions 8.24, 9.14, or 10.2 to address the issue. Detailed information is available in the official ILIAS documentation at https://docu.ilias.de/go/blog/15821/882 and security reports from VulDB (https://vuldb.com/?ctiid.327229, https://vuldb.com/?id.327229, https://vuldb.com/?submit.664889) as well as SRLabs analysis at https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is unauthenticated remote code execution via code injection (CWE-94) in the public-facing ILIAS certificate import handler, which maps to Exploit Public-Facing Application (T1190) and, as cited in the advisory, Command and Scripting Interpreter (T1059).