Breaking ILIAS #2: Three paths towards RCE
Summary
Security Research Labs reports three remote code execution vulnerabilities in ILIAS LMS across versions 8–10 (CVE-2025-11344/11345/11346). The flaws include unauthenticated RCE via certificate import and two authenticated RCE paths through insecure deserialization and crafted requests; patches and responsible disclosure timelines are provided. Immediate patching of the affected versions and reinforced access controls are strongly advised for organizations using ILIAS.