CVE-2025-35113

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json	Third Party Advisory
https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution	Release Notes Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35113	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:agiloft:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-26 23:15

Updated : 2025-09-02 17:58

NVD link : CVE-2025-35113

Mitre link : CVE-2025-35113

CVE.ORG link : CVE-2025-35113

JSON object : View

Products Affected

atlassian

agiloft

CWE

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

{"id": "CVE-2025-35113", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-26T23:15:35.223", "references": [{"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution", "tags": ["Release Notes", "Vendor Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-35113", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-1336"}]}], "descriptions": [{"lang": "en", "value": "Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31."}, {"lang": "es", "value": "Agiloft Release 28 no neutraliza correctamente los elementos especiales utilizados en un motor de plantillas EUI, lo que permite que un atacante autenticado ejecute c\u00f3digo remoto mediante la carga de un payload especialmente manipulada. Los usuarios deben actualizar a Agiloft Release 31."}], "lastModified": "2025-09-02T17:58:53.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:agiloft:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBD749A4-9E7F-4522-8E1A-8A0151CEB08E", "versionEndExcluding": "31", "versionStartIncluding": "19"}], "operator": "OR"}]}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}