Unrated severityNVD Advisory· Published Aug 26, 2025· Updated Aug 29, 2025

Agiloft local privilege escalation via default credentials

CVE-2025-35114

Description

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

Affected products

Atlassian/Agiloftllm-fuzzy
Range: <30
Agiloft/Agiloftv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.jsonmitre
wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolutionmitre
www.cve.org/CVERecordmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000