CVE-2025-35113

CVE Database · CVE-2025-35113

CVE-2025-35113

· MEDIUMAnalyzed

CVSS v3.1

5.9

CVSS v4.0

4.8

EPSS

0.40%

Published

Aug 26, 2025

Modified

Sep 2, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses (CWE)

CWE-1336

Affected Products (1)

atlassian · agiloft (up to 31)vulnerable

References (3)

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json

Third Party Advisory

https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution

Release NotesVendor Advisory

https://www.cve.org/CVERecord?id=CVE-2025-35113

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs