CVE-2025-35114

7.5 HIGH

📋 TL;DR

Agiloft Release 28 contains default credential accounts that could allow attackers to escalate privileges locally. The password hash is known and crackable offline, potentially granting unauthorized access. This affects all users running Agiloft Release 28.

💻 Affected Systems

Products:
  • Agiloft
Versions: Release 28
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Release 28 are vulnerable unless default credentials have been manually changed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through local privilege escalation leading to data theft, system manipulation, or installation of persistent backdoors.

🟠 Likely Case

Unauthorized access to sensitive Agiloft data and configuration settings by local attackers who crack the known password hash.

🟢 If Mitigated

Limited impact if strong network segmentation and access controls prevent local attackers from reaching the system.

🌐 Internet-Facing: LOW (requires local access to exploit, though internet-facing systems could still be targeted if local access is gained through other means)
🏢 Internal Only: HIGH (default credentials with known hash make internal attackers' privilege escalation straightforward)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and offline cracking of the known password hash, which is technically simple with freely available tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Release 30

Vendor Advisory: https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution

Restart Required: Yes

Instructions:

1. Back up Agiloft data and configuration.
2. Download Agiloft Release 30 from the vendor portal.
3. Run the upgrade installer following vendor documentation.
4. Restart Agiloft services.
5. Verify upgrade completion.

🔧 Temporary Workarounds

Change Default Credentials (all platforms)

Manually change the passwords for all default accounts in Agiloft Release 28.

Use the Agiloft admin interface to change the passwords for all user accounts.

Restrict Local Access (all platforms)

Implement network segmentation and access controls to limit who can reach the Agiloft system locally.

Configure firewall rules to restrict access to Agiloft ports to trusted IPs only.

🧯 If You Can't Patch

  • Immediately change all default account passwords using strong, unique credentials
  • Implement strict network segmentation and monitor for unauthorized local access attempts

🔍 How to Verify

Check if Vulnerable:

Check the Agiloft version in the admin interface or configuration files; if it is Release 28, assume vulnerable unless the default credentials have been changed.

Check Version:

Check the Agiloft admin dashboard, or consult the vendor documentation for the version command.

Verify Fix Applied:

Confirm that the Agiloft version shows Release 30 in the admin interface and test that the default credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts followed by successful logins from default accounts
  • Unusual privilege escalation activities in system logs

Network Indicators:

  • Unexpected local network traffic to Agiloft ports from unauthorized sources

SIEM Query:

source="agiloft_logs" AND (event_type="authentication" AND (user="default_account" OR status="success" after multiple failures))
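As an added defender-side example (not taken from this page or from the vendor), the heuristic behind the pseudo-query above, run over constructed log lines: flag any successful login by a known default account, and any success preceded by several failures for the same user within a short window. The log format and the account names are placeholders, since Agiloft's real default account names and log schema are not given here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not Agiloft's real schema):
# "<ISO-8601 time> auth user=<name> status=<success|failure> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) status=(?P<status>success|failure) src=(?P<src>\S+)$"
)

# Placeholder names; the page does not list Agiloft's actual default accounts.
DEFAULT_ACCOUNTS = {"default_account", "default_admin"}


def detect_default_account_abuse(lines, default_accounts=DEFAULT_ACCOUNTS,
                                 max_failures=3, window=timedelta(minutes=10)):
    """Return alerts for (a) any successful login by a default account and
    (b) a success preceded by >= max_failures failures for that user within `window`."""
    failures = defaultdict(deque)  # user -> timestamps of recent failed logins
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        user, status, src = m["user"], m["status"], m["src"]
        recent = failures[user]
        while recent and ts - recent[0] > window:  # expire failures outside the window
            recent.popleft()
        if status == "failure":
            recent.append(ts)
            continue
        if user in default_accounts:
            alerts.append(("default_account_login", user, src, m["ts"]))
        if len(recent) >= max_failures:
            alerts.append(("failures_then_success", user, src, m["ts"], len(recent)))
        recent.clear()  # a success ends the current failure run
    return alerts


# Constructed sample log lines: a normal login, a burst of failures then a success
# on a default account, and a stale failure that falls outside the window.
SAMPLE_LOGS = [
    "2025-06-01T09:00:00Z auth user=alice status=success src=10.0.0.7",
    "2025-06-01T09:01:00Z auth user=default_admin status=failure src=10.0.0.42",
    "2025-06-01T09:01:05Z auth user=default_admin status=failure src=10.0.0.42",
    "2025-06-01T09:01:10Z auth user=default_admin status=failure src=10.0.0.42",
    "2025-06-01T09:01:20Z auth user=default_admin status=success src=10.0.0.42",
    "2025-06-01T09:30:00Z auth user=bob status=failure src=10.0.0.9",
    "2025-06-01T09:55:00Z auth user=bob status=success src=10.0.0.9",
]
```

Running `detect_default_account_abuse(SAMPLE_LOGS)` yields two alerts, both for the 09:01:20 login by `default_admin`; bob's single stale failure produces none.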
