CVE-2025-11023 | THREATINT

Description

Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion.This issue affects AcBakImzala: before v5.1.4.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-23 | Updated 2025-10-23 | Assigner TR-CERT

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Product status

Default status

unaffected

Any version before v5.1.4

affected

Credits

Barış BAYDUR finder

Emir KARATAŞ finder

References

www.usom.gov.tr/bildirim/tr-25-0356

cve.org (CVE-2025-11023)

nvd.nist.gov (CVE-2025-11023)

Download JSON