CVE-2025-35114

Summary

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

Affected Software

VendorProductVersion RangeStatus
AgiloftAgiloft0 < Release 30affected
AgiloftAgiloftRelease 30unaffected

Weaknesses

  • CWE-1392: CWE-1392 Use of Default Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References