VYPR
Medium severity4.1NVD Advisory· Published Aug 26, 2025· Updated Apr 29, 2026

CVE-2025-35112

CVE-2025-35112

Description

Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Atlassian/Agiloft2 versions
    cpe:2.3:a:atlassian:agiloft:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:atlassian:agiloft:*:*:*:*:*:*:*:*range: >=19,<31
    • (no CPE)range: <31

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.