CVE-2025-35113

CWE-1336
3 documents
3 sources
Severity
4.8 MEDIUM
EPSS
0.2%
top 58.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 26
Latest update: Aug 27

Description

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

Affected Packages (2 packages)

CVEListV5: agiloft/agiloft < Release 31
NVD: atlassian/agiloft1931

🔴 Vulnerability Details

2
GHSA (2025-08-27)
GHSA-gf66-vvm8-54jq: Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote
CVEList (2025-08-26)
Agiloft improper neutralization in EUI template engine
CVE-2025-35113 (MEDIUM CVSS 4.8) | Agiloft Release 28 does not properl | cvebase.io