exploitDog

CVE-2025-35114

Опубликовано: 26 авг. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

Ссылки

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json
Third Party Advisory
https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution
Release Notes
Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35114
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:agiloft:*:*:*:*:*:*:*:*

Версия от 19 (включая) до 30 (исключая)

EPSS

Процентиль: 11%

0.00038

Низкий

7.5 High

CVSS3

Дефекты

CWE-1392

Связанные уязвимости

GHSA-vw2q-8fmv-fj4f

CVSS3: 7.5

github

5 месяцев назад

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

EPSS

Процентиль: 11%

0.00038

Низкий

7.5 High

CVSS3

Дефекты

CWE-1392