Agiloft local privilege escalation via default credentials_CVE-2025-35114

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

Basic Information

ID CVE-2025-35114

Source cisa-cg

Published Aug 26, 2025 at 22:18

Affected Product

Vendor Agiloft

Product Agiloft

Affected Versions Agiloft Agiloft 0

CWE Classification

CWE-1392

References

{
    "lastseen": "",
    "description": "Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.",
    "published": "2025-08-26T22:18:12.127Z",
    "modified": "2025-08-26T22:18:12.127Z",
    "type": "cve",
    "title": "Agiloft local privilege escalation via default credentials",
    "source": "cisa-cg",
    "references": "https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution\nhttps://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35114",
    "id": "CVE-2025-35114",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1392"
    ],
    "cvelist": null,
    "sourceData": "Agiloft Agiloft 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Agiloft",
    "version": "0",
    "vendor": "Agiloft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}