Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-11344

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 3 weeks ago

ILIAS Certificate Import Remote Code Execution

A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote. Upgrading to version 8.24, 9.14 and 10.2 addresses this issue. It is recommended to upgrade the affected component.

References

https://vuldb.com/?id.327229 vdb-entrytechnical-description
https://vuldb.com/?ctiid.327229 signaturepermissions-required
Submit #664889 | ILIAS open source e-Learning e. V. ILIAS >=8.0.0, <=10.1 Unrestricted Upload third-party-advisory
https://docu.ilias.de/go/blog/15821/882 related
https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce

Affected products

ILIAS

Matching in nixpkgs

pkgs.biliass

Convert Bilibili XML/protobuf danmaku to ASS subtitle

nixos-unstable 2.2.2
- nixpkgs-unstable 2.2.2
- nixos-unstable-small 2.2.2
nixos-25.11 2.3.1
- nixpkgs-25.11-darwin 2.3.1

pkgs.python312Packages.biliass

Convert Bilibili XML/protobuf danmaku to ASS subtitle

nixos-unstable 2.2.2
- nixpkgs-unstable 2.2.2
- nixos-unstable-small 2.2.2
nixos-25.11 2.3.1
- nixpkgs-25.11-darwin 2.3.1

pkgs.python313Packages.biliass

Convert Bilibili XML/protobuf danmaku to ASS subtitle

nixos-unstable 2.2.2
- nixpkgs-unstable 2.2.2
- nixos-unstable-small 2.2.2
nixos-25.11 2.3.1
- nixpkgs-25.11-darwin 2.3.1

Package maintainers

@linsui linsui <linsui555@gmail.com>