← volver
CVE-2025-35114

Agiloft local privilege escalation via default credentials

CVSS 8.7 HIGHEPSS 0.3%CWE-1392
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Agiloft · Agiloft

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.jsonhttps://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolutionhttps://www.cve.org/CVERecord?id=CVE-2025-35114