Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2025-11345

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months ago

ILIAS Test Import unserialize deserialization

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.

References

https://docu.ilias.de/go/blog/15821/882 related
VDB-327230 | ILIAS Test Import unserialize deserialization vdb-entry technical-description
VDB-327230 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #664891 | ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Deserialization third-party-advisory
VDB-327230 | ILIAS Test Import unserialize deserialization vdb-entry technical-description
VDB-327230 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #664891 | ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Deserialization third-party-advisory
https://docu.ilias.de/go/blog/15821/882 related
https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce

Affected products

ILIAS

Matching in nixpkgs

pkgs.biliass

Convert Bilibili XML/protobuf danmaku to ASS subtitle

nixos-unstable 2.3.1
- nixpkgs-unstable 2.3.1
- nixos-unstable-small 2.3.1

pkgs.python312Packages.biliass

Convert Bilibili XML/protobuf danmaku to ASS subtitle

nixos-unstable 2.3.1
- nixpkgs-unstable 2.3.1
- nixos-unstable-small 2.3.1

pkgs.python313Packages.biliass

Convert Bilibili XML/protobuf danmaku to ASS subtitle

nixos-unstable 2.3.1
- nixpkgs-unstable 2.3.1
- nixos-unstable-small 2.3.1

Package maintainers

@linsui linsui <linsui555@gmail.com>