Skip to main content
CVE-2025-11023 CRITICAL Act Now

Remote file inclusion in ArkSigner AcBakImzala versions before 5.1.4 allows unauthenticated attackers to coerce the PHP application into including attacker-controlled files, resulting in local file inclusion and potential remote code execution. The CVSS 9.8 score reflects network-reachable, no-authentication exploitation with full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

PHP Information Disclosure LFI
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy