CVE-2025-35115

Critical CVSS: 9.2

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.

Vendor

Atlassian

Product

Agiloft

CWE

CWE-494

Yayın Tarihi

2025-08-26 23:15:35

Güncelleme

2025-09-02 17:57:25

Source Identifier

9119a7d8-5eab-497f-8521-727c672e3725

KEV Date Added

Kategoriler

CWE-494 Agiloft CRITICAL Atlassian 2025

Referanslar

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution https://www.cve.org/CVERecord?id=CVE-2025-35115

Benzer Kayıtlar

High

CVE-2026-21569

This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Cente…

Medium

CVE-2025-22176