CVE-2025-35114

HIGH

Atlassian Agiloft < 30 - Privilege Escalation

Title source: rule

Description

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

Scores

CVSS v3 7.5
EPSS 0.0004
EPSS Percentile 13.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-1392
Status published
Products (1)
atlassian/agiloft 19 - 30
Published Aug 26, 2025
Tracked Since Feb 18, 2026