CVE-2025-35112

Low CVSS: 2.0

Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.

Vendor

Atlassian

Product

Agiloft

CWE

CWE-611

Yayın Tarihi

2025-08-26 23:15:35

Güncelleme

2025-09-02 17:59:05

Source Identifier

9119a7d8-5eab-497f-8521-727c672e3725

KEV Date Added

Kategoriler

CWE-611 Agiloft LOW Atlassian 2025

Referanslar

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution https://www.cve.org/CVERecord?id=CVE-2025-35112

Benzer Kayıtlar

High

CVE-2026-21569

This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Cente…

Medium

CVE-2025-22176