CVE-2025-11135

HIGH

pmTicket Project-Management-Software <2ef379da2075f4761a2c9029cf91d...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-11135. PoCs published by allannjuguna.

AI-analyzed exploit summary The repository contains a technical writeup describing an authentication bypass vulnerability in PmTicket via insecure deserialization in the `loadLanguage` function. It includes a high-level description and a link to an asciicast demonstrating the exploit.

Description

A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument user_id results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

github WRITEUP 1 stars

by allannjuguna · pythonpoc

https://github.com/allannjuguna/Exploit-Development/tree/main/CVEs/CVE-2025-11135

View Code ZIP pw:eip

The repository contains a technical writeup describing an authentication bypass vulnerability in PmTicket via insecure deserialization in the `loadLanguage` function. It includes a high-level description and a link to an asciicast demonstrating the exploit.

Classification

Writeup 80%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Theoretical

Target: PmTicket (version not specified)

No auth needed

Prerequisites: Access to the `loadLanguage` function with a manipulable `user_id` argument

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Jun 17, 2026 Full analysis →

References (5)

Core 5

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.326212

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.326212

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.657302

Various Sources related

https://drive.google.com/file/d/18T4Gpzic0OQ-hzZWR6YoJ127QV3Jxyxe/view

Various Sources exploit

https://asciinema.org/a/kTWHQMM7n6QH98gGCW3e7T9xT

Scores

CVSS v3 7.3

EPSS 0.0038

EPSS Percentile 29.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-20 CWE-502

Status published

Products (1)

pmTicket/Project-Management-Software 2ef379da2075f4761a2c9029cf91d073474e7486

Published Sep 29, 2025

Tracked Since Feb 18, 2026