CRITICAL🇵🇱 Wersja polska

CVE-2025-10363

CVSS 10.0v4.0pub. 2025-10-06upd. 2026-04-15

Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Windows allows Remote Code Execution.This issue affects at least Topal Finanzbuchhaltung: 10.1.5.20 and is fixed in version 11.2.12.00

🤖 AI Analysis
How it works

The vulnerability results from improper processing (deserialization) of data from an untrusted source. An attacker can send a crafted payload over the network without needing to authenticate to the system. The application server deserializes the malicious data, leading to arbitrary code execution in the context of the application process running on Windows.

Impact

An attacker can gain full control over the system running Topal Finanzbuchhaltung by executing arbitrary code without any prior privileges. Due to the maximum CVSS score, the vulnerability threatens the confidentiality, integrity, and availability of both the target system and systems associated with it.

Mitigation & patch

Topal Finanzbuchhaltung must be immediately updated to version 11.2.12.00 or later, in which the vendor has removed the vulnerability. Detailed release information is available in the vendor's official release notes and in the security advisory published by infoguard.ch.

Who is affected

Topal Finanzbuchhaltung version 10.1.5.20 and earlier running on Windows. The vulnerability is fixed in version 11.2.12.00.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References