CVE-2025-11346 | ILIAS up to 8.23/9.13/10.1 Base64 Decoding unserialize f_settings deserialization (SEC-2025-2113)

A vulnerability categorized as critical has been discovered in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization.

This vulnerability is referenced as CVE-2025-11346. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More