CVE-2025-35112

Severity: 2.0 LOW
EPSS: 0.0% (top 85.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 26
Latest update: Aug 27

Description

Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: agiloft/agiloft < Release 31
NVD: atlassian/agiloft 1931

Vulnerability Details (2)

GHSA: GHSA-256f-5whx-5j84: Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to imp (2025-08-27)
CVEList: Agiloft XML external entity local path traversal (2025-08-26)