This page lists publicly disclosed CVE vulnerabilities affecting atlassian agiloft (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-35115 | Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30. | 9119a7d8-5eab-497f-8521-727c672e3725 | 9.2 | 0.22% | 2025-08-26 | 2025-09-02 |
| CVE-2025-35114 | Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30. | 9119a7d8-5eab-497f-8521-727c672e3725 | 8.7 | 0.31% | 2025-08-26 | 2025-09-02 |
| CVE-2025-35113 | Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31. | 9119a7d8-5eab-497f-8521-727c672e3725 | 4.8 | 0.40% | 2025-08-26 | 2025-09-02 |
| CVE-2025-35112 | Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31. | 9119a7d8-5eab-497f-8521-727c672e3725 | 5.1 | 0.29% | 2025-08-26 | 2026-04-29 |