CVE-2025-35114

CWE-1392, 3 documents, 3 sources
Severity
8.7 HIGH
EPSS
0.0%
top 87.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 26
Latest update: Aug 27

Description

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: agiloft/agiloft < Release 30
NVD: atlassian/agiloft 1930

Vulnerability Details (2)

GHSA: GHSA-vw2q-8fmv-fj4f: Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation (2025-08-27)
CVEList: Agiloft local privilege escalation via default credentials (2025-08-26)
CVE-2025-35114 (HIGH CVSS 8.7) | Agiloft Release 28 contains several | cvebase.io