{“lastseen”:””,”description”:”Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.”,”published”:”2025-08-26T22:18:12.127Z”,”modified”:”2025-08-26T22:18:12.127Z”,”type”:”cve”,”title”:”Agiloft local privilege escalation via default credentials”,”source”:”cisa-cg”,”references”:”https:\/\/wiki.agiloft.com\/display\/HELP\/What%27s+New%3A+CVE+Resolution\\nhttps:\/\/raw.githubusercontent.com\/cisagov\/CSAF\/develop\/csaf_files\/IT\/white\/2025\/va-25-239-01.json\\nhttps:\/\/www.cve.org\/CVERecord?id=CVE-2025-35114″,”id”:”CVE-2025-35114″,”bulletinFamily”:””,”cwe”:[“CWE-1392″],”cvelist”:null,”sourceData”:”Agiloft Agiloft 0″,”sourceHref”:””,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Agiloft”,”version”:”0″,”vendor”:”Agiloft”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,16,12,15,13,7,11,5],"class_list":["post-14420","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n