CVE-2025-35113

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json	Third Party Advisory
https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution	Release Notes Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35113	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:agiloft:*:*:*:*:*:*:*:*

History

02 Sep 2025, 17:58

Type	Values Removed	Values Added
CPE		cpe:2.3:a:atlassian:agiloft::::::::
First Time		Atlassian agiloft Atlassian
References	~~() https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json -~~	() https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json - Third Party Advisory
References	~~() https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution -~~	() https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution - Release Notes, Vendor Advisory
References	~~() https://www.cve.org/CVERecord?id=CVE-2025-35113 -~~	() https://www.cve.org/CVERecord?id=CVE-2025-35113 - Third Party Advisory

29 Aug 2025, 16:22

Type	Values Removed	Values Added
Summary		(es) Agiloft Release 28 no neutraliza correctamente los elementos especiales utilizados en un motor de plantillas EUI, lo que permite que un atacante autenticado ejecute código remoto mediante la carga de un payload especialmente manipulada. Los usuarios deben actualizar a Agiloft Release 31.

26 Aug 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-26 23:15

Updated : 2025-09-02 17:58

NVD link : CVE-2025-35113

Mitre link : CVE-2025-35113

CVE.ORG link : CVE-2025-35113

JSON object : View

Products Affected

atlassian

agiloft

CWE

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

{"id": "CVE-2025-35113", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-26T23:15:35.223", "references": [{"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution", "tags": ["Release Notes", "Vendor Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-35113", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-1336"}]}], "descriptions": [{"lang": "en", "value": "Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31."}, {"lang": "es", "value": "Agiloft Release 28 no neutraliza correctamente los elementos especiales utilizados en un motor de plantillas EUI, lo que permite que un atacante autenticado ejecute c\u00f3digo remoto mediante la carga de un payload especialmente manipulada. Los usuarios deben actualizar a Agiloft Release 31."}], "lastModified": "2025-09-02T17:58:53.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:agiloft:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBD749A4-9E7F-4522-8E1A-8A0151CEB08E", "versionEndExcluding": "31", "versionStartIncluding": "19"}], "operator": "OR"}]}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}