CVE-2025-35114

HIGH

Atlassian Agiloft < 30 - Privilege Escalation

Title source: rule

Description

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

References (3)

[Third Party Advisory] https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json

[Release Notes, Vendor Advisory] https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution

[Third Party Advisory] https://www.cve.org/CVERecord?id=CVE-2025-35114

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 11.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-1392

Status published

Affected Products (1)

atlassian/agiloft < 30

Timeline

Published Aug 26, 2025

Tracked Since Feb 18, 2026