CVE-2025-10363 | Deserialization of Untrusted Data vulnerability in Topal Sol… | CVSS 10.0 CRITICAL

Description

Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Windows allows Remote Code Execution.This issue affects at least Topal Finanzbuchhaltung: 10.1.5.20 and is fixed in version 11.2.12.00

Metadata

CVE ID: CVE-2025-10363
State: PUBLISHED
Assigner: NCSC.ch
Reserved: 2025-09-12 13:38 UTC
Published: 2025-10-06 16:38 UTC
Last updated: 2025-10-06 17:15 UTC
Primary CWE: CWE-502
CWE-502 Deserialization of Untrusted Data
Vendor / Product: Topal Solutions AG / Topal Finanzbuchhaltung
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Topal Solutions AG	Topal Finanzbuchhaltung	Windows	10.1.5.20, 11.2.12.00

Weakness (CWE)

CWE	Source	Description
CWE-502	cna	CWE-502 Deserialization of Untrusted Data

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y

References (2)