CVE-2025-35114

CVE Database · CVE-2025-35114

CVE-2025-35114

· HIGHAnalyzed

CVSS v3.1

7.5

CVSS v4.0

8.7

EPSS

0.31%

Published

Aug 26, 2025

Modified

Sep 2, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-1392

Affected Products (1)

atlassian · agiloft (up to 30)vulnerable

References (3)

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json

Third Party Advisory

https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution

Release NotesVendor Advisory

https://www.cve.org/CVERecord?id=CVE-2025-35114

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs