Local Privilege Escalation Vulnerability in Agiloft Product by Agiloft
CVE-2025-35114

8.7HIGH

Key Information:

Vendor: Agiloft
Status: Agiloft
Vendor: CVE Published:; 26 August 2025

What is CVE-2025-35114?

Agiloft Release 28 has a security flaw due to several accounts containing default credentials. This vulnerability allows potential local privilege escalation as the password hash for at least one of these accounts is known, making it susceptible to offline cracking. Users are strongly advised to upgrade to Agiloft Release 30 to mitigate this risk.

Affected Version(s)

Agiloft 0

Agiloft Release 30

References

https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE...

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

https://www.cve.org/CVERecord?id=CVE-2025-35114

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Matthew Galligan, CISA Rapid Action Force (RAF)