CVE-2025-11023
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-27
Assigner: Computer Emergency Response Team of the Republic of Turkey
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arksigner | acbakimzala | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a PHP Remote File Inclusion issue in the ArkSigner Software and Hardware Inc. AcBakImzala product before version 5.1.4. It involves improper control of the filename used in include or require statements in PHP programs, allowing an attacker to include functionality from an untrusted source, potentially leading to unauthorized code execution.
How can this vulnerability impact me?
The vulnerability can have severe impacts, including full compromise of the affected system. It allows remote attackers to execute arbitrary code, resulting in complete loss of confidentiality, integrity, and availability of the system.