CVE-2025-35115: Download of Code Without Integrity Check in Agiloft

Severity
9.2 CRITICAL (NVD)
EPSS
0.0%
top 93.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 26
Latest update: Aug 27

Description

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a man-in-the-middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: agiloft/agiloft < Release 30
NVD: atlassian/agiloft 1930

Vulnerability Details (2)

GHSA (2025-08-27)
GHSA-6v2h-8mcr-85f2: Agiloft Release 28 downloads critical system packages over an insecure HTTP connection

CVEList (2025-08-26)
Agiloft insecure download of system packages