Nixpkgs security tracker
Untriaged
Permalink
CVE-2025-11345
5.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Not Defined (X)
- Remediation Level (RL): Official Fix (O)
- Report Confidence (RC): Confirmed (C)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
ILIAS Test Import unserialize deserialization
A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised.
References
Affected products
ILIAS
- ==8.0
- ==8.12
- ==8.18
- ==8.11
- ==8.19
- ==8.6
- ==9.8
- ==8.8
- ==8.9
- ==8.3
- ==8.22
- ==9.3
- ==8.14
- ==8.7
- ==8.15
- ==9.6
- ==9.14
- ==9.5
- ==9.4
- ==8.17
- ==8.5
- ==9.9
- ==8.20
- ==8.23
- ==9.0
- ==10.2
- ==8.13
- ==9.1
- ==8.10
- ==8.21
- ==9.7
- ==9.11
- ==9.2
- ==9.13
- ==8.4
- ==9.12
- ==8.2
- ==9.10
- ==8.1
- ==10.1
- ==10.0
- ==8.24
- ==8.16
Matching in nixpkgs
pkgs.biliass
Convert Bilibili XML/protobuf danmaku to ASS subtitle
pkgs.python312Packages.biliass
Convert Bilibili XML/protobuf danmaku to ASS subtitle
pkgs.python313Packages.biliass
Convert Bilibili XML/protobuf danmaku to ASS subtitle
Package maintainers
-
@linsui linsui <linsui555@gmail.com>